ms-access Parameterized Queries Vulnerable Approach: Concatenated SQL string with form references
Example
This is the typical approach for novice developers building SQL action queries. They are vulnerable to the Bobby Tables type SQL Injection attacks.
Dim strSQL As String
strSQL = "INSERT INTO Employees chrFirstName, chrLastName, chrPhone " _
& "VALUES ('" & Me!txtFirstName & "','" & Me!txtLastName & "','" & Me!txtPhone & "');"
CurrentDb.Execute strSQL
