Scott:
That error usually indicates an error with the query itself, not necessarily
an error with the value passed in. For example, you may be missing a comma
after the 10th parameter (i.e., the 10th cfqueryparam). Send the SQL code
from the debug info and let's see what we can do.
--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
WWW: http://www.evoch.com/
-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2008 4:04 PM
To: CF-Talk
Subject: Break from the SQL Injection thread weird SQL error
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 28: Incorrect syntax
near '@P10'.
I haven't the foggiest idea what's going on here.
here's the passed in params from the java trace:
(param 1) = [type='IN', class='java.lang.String', value='Elmer',
sqltype='cf_sql_varchar'] ,
(param 2) = [type='IN', class='java.lang.String', value='J',
sqltype='cf_sql_varchar'] ,
(param 3) = [type='IN', class='java.lang.String', value='Fudd',
sqltype='cf_sql_varchar'] ,
(param 4) = [type='IN', class='java.lang.String', value='0',
sqltype='cf_sql_varchar'] ,
(param 5) = [type='IN', class='java.lang.String', value='0',
sqltype='cf_sql_varchar'] ,
(param 6) = [type='IN', class='java.lang.String', value='0',
sqltype='cf_sql_varchar'] ,
(param 7) = [type='IN', class='java.lang.String',
value='[EMAIL PROTECTED]', sqltype='cf_sql_varchar'] ,
(param 8) = [type='IN', class='java.lang.String', value='703-555-1212',
sqltype='cf_sql_varchar'] ,
(param 9) = [type='IN', class='java.lang.String', value='3120',
sqltype='cf_sql_varchar'] ,
(param 10) = [type='IN', class='java.lang.String', value='Academic
Advising', sqltype='cf_sql_varchar'] ,
(param 11) = [type='IN', class='java.lang.Boolean', value='false',
sqltype='CF_SQL_BIT'] ,
(param 12) = [type='IN', class='java.lang.Boolean', value='false',
sqltype='CF_SQL_BIT'] ,
(param 13) = [type='IN', class='java.lang.String', value='Web',
sqltype='cf_sql_varchar'] ,
(param 14) = [type='IN', class='java.lang.Boolean', value='true',
sqltype='CF_SQL_BIT'] ,
(param 15) = [type='IN', value='null', sqltype='CF_SQL_DATE'] ,
(param 16) = [type='IN', class='java.lang.String', value='{d
'2008-08-08'}', sqltype='CF_SQL_DATE']
It's just a simple insert, and everything lines up (I think)
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310574
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4