On 1/12/02, Jim Vosika penned:
>Hi,
> I know it's late but I have a newbie question for anyone awake.
>I am trying to make a text link that would sort records from a query. I
>would like to pass the parameter through the URL that says which column
>to sort by but can't figure out how. This brings up another question, am
>I using SQL/CFML properly to sort records on the fly? If you could tell
>me how to pass the url variable that would be wonderful! Here is my code
>so far:

Hi Jim. This is the easiest way, but less secure as it will display the table names and allow for someone to manually enter a string to pass to the query:

<CFPARAM NAME="url.orderBy" default="vehicleType">

<CFQUERY DATASOURCE="test" NAME="listVehicles">
  SELECT *
  FROM Table1
  ORDER BY #url.orderBy#
</CFQUERY>

<tr>
  <td align=center><b><a href="mypage.cfm?orderBy=vehicleType">Vehicle Type</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=modelYear">Year</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=manufacturerName">Manufacturer</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=vehicleDescription">Description</a></b></td>
</tr>

To add some security, we could check for the valid url variables, changing them to something a little shorter and hiding the table names in the process:

<CFPARAM NAME="url.orderBy" default="vt">

<cfswitch expression="#url.orderBy#">
  <cfcase value="my">
    <cfset variables.orderBy = "modelYear">
  </cfcase>
  <cfcase value="mn">
    <cfset variables.orderBy = "manufacturerName">
  </cfcase>
  <cfcase value="vd">
    <cfset variables.orderBy = "vehicleDescription">
  </cfcase>
  <cfdefaultcase>
    <cfset variables.orderBy = "vehicleType">
  </cfdefaultcase>
</cfswitch>

<CFQUERY DATASOURCE="test" NAME="listVehicles">
  SELECT *
  FROM Table1
  ORDER BY #variables.orderBy#
</CFQUERY>

<tr>
  <td align=center><b><a href="mypage.cfm?orderBy=vt">Vehicle Type</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=my">Year</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=mn">Manufacturer</a></b></td>
  <td align=center><b><a href="mypage.cfm?orderBy=vd">Description</a></b></td>
</tr>

This way if anyone manually enters anything other than orderBy=vt (or my, mn or vd) vehicleType will be passed to the Order By clause in the query. Plus as I said, you won't be revealing the table names.

--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
ColdFusion Solutions / eCommerce Development
[EMAIL PROTECTED]
http://www.twcreations.com/
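
Added example, not part of the original post or either poster's code: the allow-list mapping from the reply above, written in Python with an in-memory SQLite table standing in for the "test" datasource so it can be run and checked. It goes one step beyond the post by also allow-listing a sort direction (a hypothetical second URL parameter) and by showing why a bound parameter cannot replace the mapping in ORDER BY; the sample rows and all function names are constructed.

```python
import sqlite3

# Short URL keys mapped to real column names, mirroring the cfswitch above.
SORT_COLUMNS = {
    "vt": "vehicleType",
    "my": "modelYear",
    "mn": "manufacturerName",
    "vd": "vehicleDescription",
}
DEFAULT_KEY = "vt"
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}  # hypothetical second URL parameter

def order_by_clause(order_key, direction="asc"):
    """Build ORDER BY only from fixed fragments; request text never reaches SQL."""
    column = SORT_COLUMNS.get(order_key, SORT_COLUMNS[DEFAULT_KEY])
    sort_dir = DIRECTIONS.get(str(direction).lower(), "ASC")
    return f"ORDER BY {column} {sort_dir}"

def make_db():
    """In-memory stand-in for the 'test' datasource, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Table1 (vehicleType TEXT, modelYear INTEGER,"
               " manufacturerName TEXT, vehicleDescription TEXT)")
    db.executemany("INSERT INTO Table1 VALUES (?, ?, ?, ?)", [
        ("truck", 2001, "Ford", "F-150"),
        ("car", 1995, "Toyota", "Camry"),
        ("van", 1998, "Dodge", "Caravan"),
    ])
    return db

def list_vehicles(db, order_key, direction="asc"):
    """Return model years in the order selected by the allow-listed key."""
    sql = "SELECT modelYear FROM Table1 " + order_by_clause(order_key, direction)
    return [row[0] for row in db.execute(sql)]

def list_vehicles_bound(db, column_name):
    """Binding the column name does not work: it is compared as a constant
    string, so the value has no influence on row order."""
    sql = "SELECT modelYear FROM Table1 ORDER BY ?"
    return [row[0] for row in db.execute(sql, (column_name,))]

if __name__ == "__main__":
    db = make_db()
    for key in ("my", "mn", "zz", "modelYear"):  # last two are not valid keys
        print(key, order_by_clause(key), list_vehicles(db, key))
    print(list_vehicles_bound(db, "modelYear") ==
          list_vehicles_bound(db, "vehicleType"))
```

Because a bound value in ORDER BY is treated as data rather than as a column identifier, the fixed mapping is what keeps the clause safe, not parameter binding.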