RE: Get Actual Query Run

Fri, 14 Feb 2003 08:23:53 -0800 

Can you explain that?  I don't understand why preservesinglequotes is
necessary,m other than when writing the query to file, when sql
injection isn't a factor.

Matthew Small
IT Supervisor
Showstopper National Dance Competitions
3660 Old Kings Hwy 
Murrells Inlet, SC 29576
843-357-1847
http://www.showstopperonline.com

-----Original Message-----
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 14, 2003 11:22 AM
To: CF-Talk
Subject: RE: Get Actual Query Run

Michael,

If you do this in production mode for some reason watch out.  You will
be
forced to use "preservesinglequotes( )" to maintain your query.  This
will
expose you to SQL injection unless you scrub all the user input first.
There
are some scrubbing UDFs on Ray's UDF  site I believe.

-Mark

-----Original Message-----
From: Matthew Small [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 10:11 AM
To: CF-Talk
Subject: RE: Get Actual Query Run


So write the code that is in your cfquery into a file:


<cfquery datasource="dsn">
 select * from table where id = #id#
</cfquery

<cfset querystring = " select * from table where id = #id#">
<cffile mode=write" variable="querystring">

I think you can get the idea from here



Matthew Small
IT Supervisor
Showstopper National Dance Competitions
3660 Old Kings Hwy
Murrells Inlet, SC 29576
843-357-1847
http://www.showstopperonline.com

-----Original Message-----
From: Michael Ross [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 11:02 AM
To: CF-Talk
Subject: Get Actual Query Run

I have a question.  I have a query that is built depending on many
things, the where statement, order by, actual columns asked for that
kinda thing.....  I want to save what the actual sql text is that ran
that query.  Like what you can see in the debugging code.  Does this
make sense?  Any help would be great.




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to