Thanks,
I have corrected everything and looked up cdqueryparam tag in Forta's
book.
Now it tells me that my datasource is undefined: Variable MYDSN is
undefined.
Is there anything special that one has to do? I created the DSN in
the admin setup and it is found there.
Can I simply not say MyDSN in the cfquery statement.
-Jason
On Nov 10, 2006, at 9:55 PM, Rick Root wrote:
> Jason T. Slack wrote:
>>
>> <CFAPPLICATION NAME="mysession" SESSIONMANAGEMENT="Yes"
>> SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#">
>
> PRoblem #1: <cfapplication> ONLY goes in a file called Application.cfm
>
> The application.cfm is processed on EVERY coldfusion request.
>
> Problem #2: <!--- successful login -->
>
> You've combined a CFML open comment ("<!---") with a standard HTML
> comment end "-->")
>
> Problem #3 - ALWAYS USE CFQUERYPARAM in your queries.
>
> so replace your variable parameters in the query with cfqueryparam
> tags,
> like this:
>
> <cfquery name="ckCreds" datasource="#MyDSN#">
> SELECT LocationName FROM
> WHERE LocationID = <Cfqueryparam cfsqltype="cf_sql_varchar"
> value="#form.user#">
> AND LocationPassword = <cfqueryparam
> cfsqltype="cf_sql_varchar"
> value="#form.password#">
> </cfquery>
>
>
> Just get used to using cfqueryparam now and it will save you a LOT of
> grief later. It improves performance and enhances security -
> eliminates
> the possibility of SQL injection.
>
> Rick
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date ColdFusion information by your peers, delivered to your door four
times a year.
http://www.fusionauthority.com/quarterly
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259986
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
