RE: AJAX CFGRID will not sort by column?
To be a bit more exact, you can only use cfqueryparam in a place where a regular SQL parameter could be used. For MSSQL server, this could be in the WHERE clause, the SELECT clause, JOINs, etc. However, SQL Server doesn't allow you to do this:

    DECLARE @orderBy varchar(50)
    SET @orderBy = 'name'
    SELECT name FROM person ORDER BY @orderBy

Therefore, you cannot parametrize that portion of a select with a cfqueryparam either.

The important thing to come away from this with is that you still need to prevent SQL injection attacks! Blindly outputting the values sent in from an Ajax call could be hazardous to one's server. One method is to check the contents of ARGUMENTS.gridsortcolumn and ARGUMENTS.gridsortdir against a list of known good values.

    ORDER BY #arguments.gridsortcolumn# DESC

~Brad

-------- Original Message --------
Subject: Re: AJAX CFGRID will not sort by column?
From: Glyn Jackson
Date: Tue, November 03, 2009 5:50 am
To: cf-talk

Thanks Ray, seems strange, I did not know that.

~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327955
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
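The check described in the message above, written out as an added example that is not part of the original thread: a grid-bound function that sends values through cfqueryparam and picks the ORDER BY column and direction from a server-side list. The function name getPeople, the datasource myDSN, the columns city and date_joined, and the nameFilter argument are assumptions; the person table and name column come from the SQL in the message.

```cfml
<!--- Added example; names other than person/name are hypothetical. --->
<cffunction name="getPeople" access="remote" returntype="struct" output="false">
    <cfargument name="page" type="numeric" required="true">
    <cfargument name="pageSize" type="numeric" required="true">
    <cfargument name="gridsortcolumn" type="string" required="false" default="">
    <cfargument name="gridsortdir" type="string" required="false" default="">
    <cfargument name="nameFilter" type="string" required="false" default="">

    <!--- Known good column names; assumed to match the cfgridcolumn names. --->
    <cfset var allowedColumns = "name,city,date_joined">
    <cfset var orderCol = "name">
    <cfset var orderDir = "ASC">
    <cfset var pos = 0>
    <cfset var q = "">

    <!--- Take the column text from the server-side list, never from the request.
          An empty or unknown value leaves the default sort in place. --->
    <cfset pos = listFindNoCase(allowedColumns, arguments.gridsortcolumn)>
    <cfif pos GT 0>
        <cfset orderCol = listGetAt(allowedColumns, pos)>
    </cfif>

    <!--- Only two directions exist; anything other than DESC becomes ASC. --->
    <cfif compareNoCase(trim(arguments.gridsortdir), "DESC") EQ 0>
        <cfset orderDir = "DESC">
    </cfif>

    <cfquery name="q" datasource="myDSN">
        SELECT name, city, date_joined
        FROM person
        <!--- A value: this is where cfqueryparam can be used. --->
        WHERE name LIKE <cfqueryparam value="#arguments.nameFilter#%" cfsqltype="cf_sql_varchar">
        <!--- Identifiers and keywords: fixed strings chosen above. --->
        ORDER BY #orderCol# #orderDir#
    </cfquery>

    <cfreturn queryConvertForGrid(q, arguments.page, arguments.pageSize)>
</cffunction>
```

Because orderCol and orderDir can only hold strings written in the function itself, nothing sent in the Ajax request reaches the SQL text.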
Re: AJAX CFGRID will not sort by column?
Thanks Ray, seems strange, I did not know that.
Re: AJAX CFGRID will not sort by column?
You can't use QueryParams for the order by (or dir) parts of SQL. It can only be used for values in WHERE clauses.

On Tue, Nov 3, 2009 at 5:30 AM, Glyn Jackson wrote:
>
> Found the issues on this line...
>
> ORDER BY value="#ARGUMENTS.gridsortcolumn#"> value="#ARGUMENTS.gridsortdir#">
>
> it seems to work without the cfqueryparam. can anyone tell me why this is the
> case?
Re: AJAX CFGRID will not sort by column?
Found the issues on this line...

ORDER BY

it seems to work without the cfqueryparam. can anyone tell me why this is the case?