Hi guys,
I have this query:
<CFQUERY NAME="PropertyDetails" datasource="020">
SELECT PropertyDataID, PropertyAgentID, PropertyDataAgentReference, PropertyDataFlatNumberHouseName, PropertyDataStreetNumber, PropertyDataStreetName, PropertyDataVillageTown, PropertyDataCountyState, PropertyDataPostcodeZip, PropertyDataCountry, PropertyDataNumberofBedrooms, PropertyDataNumberofBathrooms, PropertyDataHouseType, PropertyDataPrice, PropertyDataDurationType, PropertyDataDescription, PropertyDataDateAdded
FROM PropertyData
WHERE PropertyDataID = #URL.PropertyDataID# AND PropertyAgentID = <cfqueryparam cfsqltype="cf_sql_integer" value="#client.propertyagentid#">
</CFQUERY>
Say if a user got to this page with a URL.PropertyID which equaled something in the database I thought that it wouldn't matter because of the rest of the WHERE clause stating that PropertyAgentID = Client.PropertyAgentID. When i try and access the page being a different client.PropertyAgentID, the page still displays but without the fields filled in, so i guess it works but wouldn't it be better if an error appeared. I thought that because the WHERE clause is false an error would occur but it doesn't.
Anyone know a simple way to make an error occur when a user somehow gets to run this query not being the correct client for that propertydataid (via a url)?
Cheers,
Stuart
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- CFQUERY Tony Turner -CFUG
- CFQUERY Tyler Clendenin
- RE: CFQUERY Aidan Whitehall
- RE: CFQUERY Ken Wilson
- RE: CFQUERY Ben Forta
- Re: CFQUERY Tyler Clendenin
- RE: CFQUERY Aidan Whitehall
- RE: CFQUERY Matthew Fusfield
- RE: cfquery Stuart Kidd
- RE: cfquery Philip Arnold
- RE: cfquery Pascal Peters
- RE: cfquery Stuart Kidd
- RE: cfquery Philip Arnold
- RE: cfquery Stuart Kidd
- RE: cfquery Philip Arnold
- CFQuery Christian Watt
- Re: CFQuery Qasim Rasheed
- RE: CFQuery Christian Watt
- Re: CFQuery Qasim Rasheed