<cfqueryparam> the variables in the where statement ??? -----Original Message----- From: Chad Gray [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 14, 2008 1:45 PM To: CF-Talk Subject: any ideas
I would like to leave my Query open to take in any number of where statements. IE: <cfset arguments.clause = "JobID = 1"> <cfquery name="getJobs" datasource="#application.dsn#"> SELECT * FROM Jobs WHERE 1=1 <cfif len(arguments.clause)>AND #arguments.clause#</cfif> </cfquery> Of course the problem with doing this is SQL injection. Anyone have a good way of doing this and keep safe from SQL injection? Thanks! Chad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305278 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4