Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You receive the "Opening this will run the following SQL command" message when you open a Word mail merge main document that is linked to a data source


View products that this article applies to.


Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

↑ Back to the top


Symptoms

When you open a mail merge main document in Microsoft Office Word, you experience one of the following symptoms:
  • You receive the following prompt:
    Opening this document will run the following SQL command:
    SELECT * FROM your datasource
    Data from your database will be placed in the document. Do you want to continue?
    Note If you click Yes, the mail merge main document opens with the data source attached. If you click No, the mail merge main document opens without the data source attached.

    In Microsoft Office Word 2007, perform the following action while the prompt is displayed:
    • To determine the unique number that is associated with the message that you receive, press CTRL+SHIFT+I. The following number appears in the lower-right corner of this message:
      201235
  • A mail merge main document that is opened by using Microsoft Visual Basic for Applications(VBA) does not have the data source attached.
Note It could be that you are using a program, for example Microsoft Access or Microsoft Visual FoxPro, to programmatically open a mail merge main document file when you experience the symptoms in this article.

↑ Back to the top


Cause

The prompt that is described in the "Symptoms" section is by design.

This prompt exists in all later versions of Microsoft Office and was introduced in Office XP Service Pack 3. This prompt was added in the products listed in the "Applies to" section to make mail merge more secure. If you click Yes when you receive the prompt, you let code run on your computer. A malicious user may be able to craft a SQL query that is designed to steal or to destroy data that you have access to. If you click No when you receive the prompt, you do not let code to run.


Note Setting DisplayAlerts=none through VBA suppresses the prompt when the file is opened by using VBA, but uses the NO option to open the document and no data is attached to the mail merge main document.

↑ Back to the top


Workaround

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


If you read and understand the disclaimers that are provided in this article and if the documents that you open by using mail merge are from a trusted source, you may want to work around the behavior that is described in the “Symptoms” section.

To work around this behavior, disable the security prompt by using the SQLSecurityCheck registry key.

To disable the security prompt by using the SQLSecurityCheck registry key, follow the appropriate steps for your version of Microsoft Word.

Word 2013

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options 

"SQLSecurityCheck"=dword:00000000
  1. Start Registry Editor.
  2. Locate and then click the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Under Name, type:

    SQLSecurityCheck
  5. Double-click SQLSecurityCheck.
  6. In the Value data box, type:

    00000000
  7. Click OK.

 Word 2010

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options  

"SQLSecurityCheck"=dword:00000000
  1. Start Registry Editor.
  2. Locate and then click the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Under Name, type:
    SQLSecurityCheck
  5. Double-click SQLSecurityCheck.
  6. In the Value data box, type:
    00000000
  7. Click OK.

Word 2007

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options

"SQLSecurityCheck"=dword:00000000
  1. Start Registry Editor.
  2. Locate and then click the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Options
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Under Name, type:
    SQLSecurityCheck
  5. Double-click SQLSecurityCheck.
  6. In the Value data box, type:
    00000000
  7. Click OK.

Word 2003

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Options

"SQLSecurityCheck"=dword:00000000
  1. Start Registry Editor.
  2. Locate and then click the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Options
  3. Click Edit, point to New, and then click DWORD Value.
  4. Under Name, type:
    SQLSecurityCheck
  5. Double-click SQLSecurityCheck.
  6. In the Value data box, type:
    00000000
  7. Click OK.

Word 2002 Service Pack 3

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Options

"SQLSecurityCheck"=dword:00000000

To do this, follow these steps:
  1. Start Registry Editor.
  2. Locate and then click the following registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Options
  3. Click Edit, point to New, and then click DWORD Value.
  4. Under Name, type:
    SQLSecurityCheck
  5. Double-click SQLSecurityCheck.
  6. In the Value data box, type:
    00000000
  7. Click OK.

↑ Back to the top


Status

This behavior is by design.

↑ Back to the top


Keywords: kbinfo, kbentirenet, kbsweptsoltax, kbfreshness2006, consumeroff2010track, kbexpertisebeginner, kbofficealertid, kb, kboffice12yes

↑ Back to the top

Article Info
Article ID : 825765
Revision : 6
Created on : 4/17/2018
Published on : 4/17/2018
Exists online : False
Views : 432