cfqueryparam

ColdFusion 9: int and type="numeric" nasty bug?

旧时模样 submitted on 2019-12-30 07:39:16
Question: I've just experienced a behaviour that defies any logic and could potentially lead to serious issues and was wondering if it was a bug or if the behaviour was intended and what are the best practices to circumvent the issue? If it's a bug, is there a patch? Here are the two weird behaviours that when put together are a threat to any system's data integrity. int('1 2') -> 41276 isValid('numeric', '1 2') -> true Why? Well let's see... <cffunction name="deleteSomething" access="public" returntype=

Select IN on more than 2100 values

孤者浪人 submitted on 2019-12-28 07:06:07
Question: How can you do a select in on more than 2100 values? <cfquery name="result.qryData"> SELECT sub_acct_no, ... FROM dbo.Closed_ORDER WHERE ord_no IN <cfqueryparam cfsqltype="CF_SQL_varchar" value="#ValueList(qryOrd.ord_no)#" list="yes"> </cfquery> Because of the ways that the tables are set up, linked Servers and JOINS are not an option. When this is run, an error is thrown because there are too many fields being passed in. Answer 1: First load the values into XML <cfset var strResult = '<ul class=

Struct Key Exists in cfqueryparam?

送分小仙女□ submitted on 2019-12-24 11:37:14
Question: I have form fields with checkbox fields. On my cfc page I would like to use structKeyExists to check if checkbox form fields exist when I run my Insert/Update query. Also I have a null attribute in my cfqueryparam that will set value to true/false if value/field doesn't exist. Here is an example of my code: dm_ck0 = <cfqueryparam value="#trim(structKeyExists(FORM, 'frm_ck0'))#" cfsqltype="cf_sql_bit" maxlength="1" null="#yesNoFormat(!len(trim(structKeyExists(FORM, 'frm_ck0'))))#" /> So when I

Is there a solution to this cfqueryparam memory leak?

99封情书 submitted on 2019-12-21 18:06:08
Question: Updates: I have submitted the bug to Adobe and referenced this SO question. In my real-world code where the problem occurred I decided to just remove my use of cfqueryparam. I am now using a custom function to format the param based on type. There are security and speed concerns that I will have to deal with but it gets the particular process working acceptably under current load. In the future I am planning on going to a process that pulls the data files into temporary tables in the database. I

What is the most appropriate Coldfusion cfsqltype to use for MS SQL's uniqueidentifier field type?

蓝咒 submitted on 2019-12-20 02:10:09
Question: When connecting from Coldfusion 8 to a MS SQL 2008 datasource, what Coldfusion cfsqltype should I use for a SQL column set to 'uniqueidentifier'? <cfquery name="user" datasource="#ds#"> SELECT id, username FROM users WHERE id = <cfqueryparam cfsqltype="WHAT_CF_SQL_TYPE_HERE?" value="#arguments.id#"> </cfquery> Thanks! Answer 1: CF_SQL_CHAR or CF_SQL_IDSTAMP see: http://livedocs.adobe.com/coldfusion/8/htmldocs/Tags_p-q_18.html Source: https://stackoverflow.com/questions/1949884/what-is-the-most

Use of CFQUERYPARAM to specify table/column names in SQL

一曲冷凌霜 submitted on 2019-12-13 17:46:29
Question: I need to dynamically construct a set of JOIN statements where the table and column names are passed in from another ColdFusion query. When passing the string values into the statement, CFQUERYPARAM adds single quotes around it - that's part of the point of CFQUERYPARAM. Given that this breaks the SQL statement, is it acceptable not to use CFQUERYPARAM in this case and instead ensure that the incoming query is cleansed, or is there a way round which allows CFQUERYPARAM to be used? (I can

Coldfusion: executing dynamic query containing cfqueryparam

ぐ巨炮叔叔 submitted on 2019-12-11 07:01:19
Question: First, the code. I'm making a struct of queries: <cfset myQueryStruct = { qone = "select * from t1 where column = <cfqueryparam cfsqltype='cf_sql_varchar' value='#arguments.a1#'>", qtwo = "select * from t2 where column = <cfqueryparam cfsqltype='cf_sql_varchar' value='#arguments.a1#'>" }> I need to execute the queries dynamically like below: <cfquery name="qName" datasource="#dsn#"> #myQueryStruct[arguments.type]# </cfquery> But I am getting an error: Error Executing Database Query.

Using cfqueryparam with constants

别等时光非礼了梦想. submitted on 2019-12-10 14:30:10
Question: We religiously use cfqueryparam in our SQL queries. Some of my predecessors seem to have been a little overzealous when using it with direct values rather than variables. Isn't record_is_deleted_bt = <cfqueryparam cfsqltype="cf_sql_bit" value="0"> overkill? I mean, there's no chance for SQL injection and I don't think that using a bind variable here does anything helpful vis-à-vis improving performance in the database. Wouldn't it be just as reasonable to do record_is_deleted_bt = 0 ? Is

How do you use cfqueryparam in the ORDER BY clause?

回眸只為那壹抹淺笑 submitted on 2019-12-07 00:22:51
Question: I'm trying to be a good CF web developer and use <cfqueryparam> around all FORM or URL elements that make it to my SQL queries. In this case, I'm trying to allow a user to control the ORDER BY clause dynamically. <cfquery datasource="MyDSN" name="qIncidents"> SELECT IncidentID, AnimalID, IntakeDate, DxDate, OutcomeDate FROM Incidents WHERE ShelterID = <cfqueryparam cfsqltype="cf_sql_integer" value="#Arguments.ShelterID#"> ORDER BY <cfqueryparam cfsqltype="cf_sql_varchar" value="#SortBy#"> <

How do you use cfqueryparam in the ORDER BY clause?

北慕城南 submitted on 2019-12-05 04:33:10
I'm trying to be a good CF web developer and use <cfqueryparam> around all FORM or URL elements that make it to my SQL queries. In this case, I'm trying to allow a user to control the ORDER BY clause dynamically. <cfquery datasource="MyDSN" name="qIncidents"> SELECT IncidentID, AnimalID, IntakeDate, DxDate, OutcomeDate FROM Incidents WHERE ShelterID = <cfqueryparam cfsqltype="cf_sql_integer" value="#Arguments.ShelterID#"> ORDER BY <cfqueryparam cfsqltype="cf_sql_varchar" value="#SortBy#"> </cfquery> When I do this, I get the following error: The SELECT item identified by the ORDER BY number 1