Great resource! Thanks Mark.
On Jun 13, 2007, at 9:26 AM, Mark Lewis wrote: > There is documentation on the Adobe site for developer security > guidlines, a > link to the PDF is below. > > http://www.adobe.com/devnet/coldfusion/articles/dev_security/ > coldfusion_security.pdf > > Mark > > > ----- Original Message ----- > From: "Brian Petti" <[EMAIL PROTECTED]> > To: "CF-Newbie" <[email protected]> > Sent: Wednesday, June 13, 2007 1:52 PM > Subject: Re: SQL Suggestion - Tips Requested > > >> Very good. Thanks J.J. I will read up on those.. Is there a place >> where I can read about tips that CF newbies should follow? >> >> I noticed I left the DSN in my code snippet below.. I guess I will be >> changing that right away LOL.. Oh well. >> >> Anyway, I have never used cfqueryparam.. Anyway, if it would only >> take a second, could you convert my code below to show me what it >> would look like? If it will take a while don't bother, I will figure >> it out.. First things first, I have to go change the DSN now.. stupid >> me. >> >> Thanks again. >> -Bri >> >> P.S. Why is using the * not a great practice if I am using all the >> fields in each? Or is it because of the joins in case there was a >> field with the same name? >> >> >> On Jun 13, 2007, at 8:16 AM, J.J. Merrick wrote: >> >>> There are 3 things I am seeing with this query that would help >>> you... >>> >>> >>> 1. Since you are doing a X.ID = Y.ID you are essentially doing a >>> join, >>> though the more up-to-date way would be to specify INNER JOIN >>> >>> 2. The use of a * is not such a great practice. It is always >>> recommended to >>> layout everything you need and only what you need, even if you are >>> pulling >>> back all rows lay those out here. >>> >>> 3. You really should use a cfqueryparam, no and if's or buts about >>> it :-). >>> If you go read on CF-TALK about the SQL injections it will give you >>> the >>> reason why. Essentially this is a security measure that also has >>> some >>> performance benefits as well. >>> >>> >>> Happy CF'ing! >>> >>> J.J. Merrick >>> >>> >>> On 6/13/07, Brian Petti <[EMAIL PROTECTED]> wrote: >>>> >>>> Hi All, >>>> Is the code snippet below the correct way to get information from 2 >>>> tables? Should I specify a join in the SQL? This seems to work with >>>> out specifying it however. >>>> >>>> Thanks for any suggestions. >>>> >>>> -Brian >>>> >>>> >>>> <cfcomponent> >>>> <cffunction name="ListBusinesses" returntype="query"> >>>> <cfargument name="CatID" required="false" type="numeric" >>>> default="0"> >>>> <cfargument name="bizname" required="false" type="string"> >>>> <cfargument name="CountyID" required="false" >>>> type="numeric"> >>>> <cfargument name="City" required="false" type="string"> >>>> <cfargument name="stateid" required="false" type="numeric"> >>>> <cfargument name="zip" required="false" type="string"> >>>> <cfargument name="bizid" required="false" type="numeric"> >>>> >>>> <cfquery name="getBusinesses" >>>> datasource="kenhugh_america411"> >>>> SELECT >>>> * >>>> FROM >>>> tblBiz,tblLocation >>>> WHERE >>>> tblBiz.Countyid = >>>> tblLocation.Countyid >>>> AND >>>> CatID = #Val(Arguments.CatID)# >>>> <cfif isdefined >>>> ('arguments.bizname')> >>>> AND bizname LIKE '% >>>> #arguments.bizname#%' >>>> </cfif> >>>> <cfif arguments.CountyID GT 0 > >>>> AND CountyID = #val >>>> (arguments.CountyID)# >>>> </cfif> >>>> <cfif isdefined('arguments.City') > >>>> AND BizCity LIKE '% >>>> #arguments.City#%' >>>> </cfif> >>>> <cfif arguments.stateid GT 0 > >>>> AND stateid = #val >>>> (arguments.stateid)# >>>> </cfif> >>>> <cfif isdefined('arguments.zip')> >>>> AND bizzip LIKE '% >>>> #arguments.zip#%' >>>> </cfif> >>>> <cfif arguments.bizid GT 0 > >>>> AND bizid = '#arguments.bizid#' >>>> </cfif> >>>> </cfquery> >>>> >>>> <cfreturn getBusinesses> >>>> </cffunction> >>>> </cfcomponent> >>>> >>>> >>>> >>>> >>>> >>> >>> >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 and Flex 2 Build sales & marketing dashboard RIAâs for your business. Upgrade now http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2842 Subscription: http://www.houseoffusion.com/groups/CF-Newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
