> If I allow users to create a QueryDef by entering an sql statement in a
text
box, can I restrict that query to a specific table? Is there some way to
throw an error based on what table a query attempts to update, or even
selects from?
This seems to work, but other suggestions welcome...
Public Function SafeQry(strSql As String, safeTbl As String) As Boolean
On Error GoTo HandleErr
Dim objRgx As Object
Dim db As DAO.Database
Dim tdf As DAO.TableDef
Dim tdfs As DAO.TableDefs
Set db = CurrentDb
Set tdfs = db.TableDefs
Set objRgx = CreateObject("VBScript.RegExp")
SafeQry = True
For Each tdf In tdfs
If tdf.Name <> safeTbl Then
objRgx.Pattern = tdf.Name
If objRgx.Test(strSql) Then
SafeQry = False
Exit For
End If
End If
Next
Exit_Here:
On Error Resume Next
Set objRgx = Nothing
Set tdf = Nothing
Set tdfs = Nothing
Set db = Nothing
Exit Function
HandleErr:
Resume Exit_Here
End Function