Non-web SQL Injection
There seems to be some hysteria about SQL Injection attacks. Most recently, here
How to return the value in one field based on lookup value in another field
If I'm creating a macro in Excel that connects to an Access database, do I really have to be concerned about SQL injection? It's not on the web, it's used in my office (you guys remember desktops right?). I'm not concerned that my co-workers are going to sabotage me. If they're smart enough to do a SQL injection, aren't they smart enough to crack my add-in password and just change the code?
If you're building SQL in your macro, it's vulnerable to SQL injection. Even if you trust the people who will be using the thing, you should at least watch for the basics, like people trying to put single-quote and semicolon characters into database fields. this isn't so much a security issue in your case as just data validation.
SQL Injection is not just a security threat, it is a very real source of bugs too.
Are you sure that none of your records will ever have an apostophe (') in them?
INSERT INTO NAMES (FIRSTNAME, LASTNAME) VALUES('Jack', 'O'Neill')
In this case, you have a bug even though nobody wanted to crack your system.
you never know when bobby tables is going to use your word macro: