I have this query:
<CFQUERY NAME="PropertyDetails" datasource="020">
SELECT PropertyDataID, PropertyAgentID, PropertyDataAgentReference, PropertyDataFlatNumberHouseName, PropertyDataStreetNumber, PropertyDataStreetName, PropertyDataVillageTown, PropertyDataCountyState, PropertyDataPostcodeZip, PropertyDataCountry, PropertyDataNumberofBedrooms, PropertyDataNumberofBathrooms, PropertyDataHouseType, PropertyDataPrice, PropertyDataDurationType, PropertyDataDescription, PropertyDataDateAdded
FROM PropertyData
WHERE PropertyDataID = #URL.PropertyDataID# AND PropertyAgentID = <cfqueryparam cfsqltype="cf_sql_integer" value="#client.propertyagentid#">
</CFQUERY>
Say if a user got to this page with a URL.PropertyID which equaled something in the database I thought that it wouldn't matter because of the rest of the WHERE clause stating that PropertyAgentID = Client.PropertyAgentID. When i try and access the page being a different client.PropertyAgentID, the page still displays but without the fields filled in, so i guess it works but wouldn't it be better if an error appeared. I thought that because the WHERE clause is false an error would occur but it doesn't.
Anyone know a simple way to make an error occur when a user somehow gets to run this query not being the correct client for that propertydataid (via a url)?
Cheers,
Stuart
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
