Do you have the option of moving your query logic into a stored proc?
It would be more secure.

Jeff

On Tue, Apr 26, 2011 at 2:32 PM, Kyle McLean <kmclea...@gmail.com> wrote:
>
> I've been working on a CF9 project, and I'm trying to take full advantage of 
> the cfscript syntax for my components. I have many cases where I'm using 
> dynamic SQL based on the existence of an optional argument in a function. In 
> CF8 and below it'd look something like this:
>
> <cffunction name="testFunc" returntype="query">
> <cfargument name="testArg" type="string" required="false" />
>
> <cfquery name="testQuery" datasource="testDSN">
> SELECT
> *
> FROM
> TBL
> <cfif structKeyExists(arguments.testArg)>
> WHERE
> COL = '#arguments.testArg#'
> </cfif>
> </cfquery>
>
> <cfreturn testQuery />
> </cffunction>
>
> Is there an elegant way to do the same thing using cfscript? I haven't had 
> any luck with string concatenation in the setSQL method of the query object 
> (and it's kind of clunky to boot). I'd also hate to have to write two 
> almost-identical blocks of code one with the where clause and one without and 
> then apply the correct string to setSQL at runtime, although I assume that 
> would solve my problem.
>
> I'd also like to use query binding, just to make things more complicated. Is 
> there some sort of cleaner approach that I'm missing, or is this just one of 
> the downsides to using cfscript?
>
> Thanks in advance!
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344003
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to