<cfqueryparam> the variables in the where statement ???

-----Original Message-----
From: Chad Gray [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 14, 2008 1:45 PM
To: CF-Talk
Subject: any ideas

I would like to leave my Query open to take in any number of where
statements.

IE:
<cfset arguments.clause = "JobID = 1">

<cfquery name="getJobs" datasource="#application.dsn#">
SELECT *
FROM Jobs
WHERE 1=1
        <cfif len(arguments.clause)>AND #arguments.clause#</cfif>
</cfquery>

Of course the problem with doing this is SQL injection.

Anyone have a good way of doing this and keeping safe from SQL injection?

Thanks!
Chad
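
One way to apply the `<cfqueryparam>` suggestion to an open-ended WHERE clause, as an added example that is not part of the original thread: callers pass structured filters instead of a SQL string, column names and operators are checked against allow-lists, and every value is bound with `<cfqueryparam>`. The function name, the filter struct keys, and the `Status` and `DueDate` columns are assumptions; only `Jobs`, `JobID` and `application.dsn` come from the post.

```cfml
<cffunction name="getJobsFiltered" access="public" returntype="query" output="false">
    <!--- filters: array of structs, each with the keys column, op and value (hypothetical shape) --->
    <cfargument name="filters" type="array" required="false" default="#arrayNew(1)#">

    <cfset var qJobs = "">
    <cfset var f = "">
    <cfset var i = 0>
    <cfset var allowedColumns = structNew()>
    <cfset var allowedOps = "=,<>,<,<=,>,>=,LIKE">

    <!--- Allow-list: filterable column -> cfsqltype used to bind its value.
          JobID is from the post; Status and DueDate are hypothetical columns. --->
    <cfset allowedColumns["JobID"]   = "cf_sql_integer">
    <cfset allowedColumns["Status"]  = "cf_sql_varchar">
    <cfset allowedColumns["DueDate"] = "cf_sql_date">

    <!--- Validate every filter before any SQL is built; reject rather than sanitize --->
    <cfloop from="1" to="#arrayLen(arguments.filters)#" index="i">
        <cfset f = arguments.filters[i]>
        <cfif NOT (structKeyExists(f, "column") AND structKeyExists(f, "op") AND structKeyExists(f, "value"))>
            <cfthrow type="InvalidFilter" message="Filter #i# needs column, op and value.">
        </cfif>
        <cfif NOT structKeyExists(allowedColumns, f.column)>
            <cfthrow type="InvalidFilter" message="Filter #i#: column is not filterable.">
        </cfif>
        <cfif NOT listFindNoCase(allowedOps, f.op)>
            <cfthrow type="InvalidFilter" message="Filter #i#: operator is not allowed.">
        </cfif>
    </cfloop>

    <cfquery name="qJobs" datasource="#application.dsn#">
        SELECT *
        FROM Jobs
        WHERE 1=1
        <cfloop from="1" to="#arrayLen(arguments.filters)#" index="i">
            <cfset f = arguments.filters[i]>
            <!--- column and op reach the SQL text only after matching the allow-lists;
                  the value never does, it is sent as a typed bind parameter --->
            AND #f.column# #f.op#
                <cfqueryparam cfsqltype="#allowedColumns[f.column]#" value="#f.value#">
        </cfloop>
    </cfquery>

    <cfreturn qJobs>
</cffunction>
```

A filter such as column `JobID`, op `=`, value `1` reproduces the clause from the post; a value like `1 OR 1=1` fails the `cf_sql_integer` type check in `<cfqueryparam>` and the query is never sent.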




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305278