You need to verify that the search terms you are providing for that column are
numeric. The cfqueryparam does that but returns an error when it finds a
problem. It's up to you to make sure that you are providing the proper type
for the columns you are querying. In this case if the search ter
you should ask whoever manages the server, as updating to new java versions
can have bizarre results like this where everything seems to work except
one random thing.
you can also see the java version being used on the info page in cfadmin.
you should also try rebuilding your connectors, as they
Do any other CF requests work on that server?
Sounds like a web connector issue perhaps.
Byron Mann
Lead Engineer & Architect
HostMySite.com
On Jul 9, 2013 6:11 PM, "Chris Johnson" wrote:
>
> Really odd issue we've been having.. We have a scheduled task that hits
> another database server to g
Not sure.. we don't handle much of the system software/hardware on the box. Do
you know what that may affect or how to check when it was updated?
>Has anyone updated the java version by any chance
>
>Russ Michaels
>www.michaels.me.uk
> On 9 Jul 2013 23:11, "Chris Johnson" wrote:
>
>>
Has anyone updated the java version by any chance
Russ Michaels
www.michaels.me.uk
On 9 Jul 2013 23:11, "Chris Johnson" wrote:
>
> Really odd issue we've been having.. We have a scheduled task that hits
> another database server to get a full list of employees. It then runs
> through the user
list of towns is not really a huge query, just do it once and cache and
then do a query of query for your auto complete.
On Mon, Jan 7, 2013 at 2:06 PM, Stephens, Larry V wrote:
>
> A related question: I have a table of towns that has ~20,000 records. The
> dataset I need has the record ID, to
A related question: I have a table of towns that has ~20,000 records. The
dataset I need has the record ID, town name, a memo field (usually empty), and
fields holding an index into other tables (township, county, state, country).
In my form I have a select field to pick the town. I don't want
On Sat, Jan 5, 2013 at 8:25 AM, Russ Michaels wrote:
> 2 simple solutions are.
>
> 1. Dont query all the data at all, instead provide a search form to get at
> specific records, which is usually much simpler than paging through
> hundreds or thousands of records.
> 2. Only query the primary keys
Another method, assuming you're using MS SQL Server (not sure how far
this goes back compatibility-wise) is to toss in the criteria for the
full search, but then to only pull back X rows:
WITH Results_Full AS (
SELECT Field1, Field2, Field3, ROW_NUMBER()
OVER (ORDER BY Field1)
Very slick. Thanks guys!
--Ben
On 1/5/2013 3:39 PM, Claude Schnéegans wrote:
> >>2. Only query the primary keys, and then loop over that list grabbing x
> records at a time and doing a new query to get all rows for those keys.
>
> This is a pretty good method.
> I tested it o
Glad it helped. Also don't forget you can cache the original primary key query
too.
Regards
Russ Michaels
www.michaels.me.uk
www.cfmldeveloper.com - Free CFML hosting for developers
www.cfsearch.com - CF search engine
On Jan 5, 2013 10:39 PM, <> wrote:
>
> >>2. Only query the primary keys, and the
>>2. Only query the primary keys, and then loop over that list grabbing x
records at a time and doing a new query to get all rows for those keys.
This is a pretty good method.
I tested it on a database containing about 45 records with a search template.
I give a very loose criterion on purpos
Actually there are ways to step through a result set using database
functions so that you do not store huge resultsets in memory, if you google
it then you will find some examples.
2 simple solutions are.
1. Dont query all the data at all, instead provide a search form to get at
specific records
That's what I suspected. Much appreciated.
--Ben
On 1/4/2013 6:40 AM, Dave Watts wrote:
>> A question came up recently with one of my client developers who is
>> potentially
>> returning a large # of rows from a query. The question was whether the
>> result
>> set is stored in memory or spoo
> A question came up recently with one of my client developers who is
> potentially
> returning a large # of rows from a query. The question was whether the result
> set is stored in memory or spooled to disk somewhere. I didn't know but
> assumed
> it was memory resident.
>
> Anyone know the
o: cf-talk
Subject: Re: CFQuery to Database
if it's just a few records then use query of query to get your subset of results
and then insert the results into database B
if this is a regular occurrence and happens often then you may want to
look at creating a DTS script on your SQL server and
if it's just a few records then use query of query to get your subset of
results and then insert the results into database B
if this is a regular occurrence and happens often then you may want to
look at creating a DTS script on your SQL server and scheduling that to do
the job.
On Sat, Mar
> CFSQLType ='CF_SQL_VARCHAR'>
Also for date columns use a date/time type instead of varchar. If the column
contains dates (only) you can use cf_sql_date, which truncates the time portion.
WHERE EXPIRATIONDATE =
WHERE EXPIRATIONDATE =
Sent from my Samsung Galaxy SII
On Mar 4, 2012 7:54 AM, "Barry Mcconaghey" wrote:
>
> Hello.
>
> I'm trying to get this cfquery to match a database field
> EXPIRATIONDATE(date) 2012-3-04 and do a recordcount but it is not working.
>
>
>
>
> SELECT EXPIRATIONDATE
>
Thanks for your assistance
Start here and let us know if you have any trouble:
http://www.cfscreencast.com/2007/12/6/retrieving-data-from-mysql-using-cfquery/
http://www.coldfusion-ria.com/Blog/index.cfm/2009/12/14/ExtJS-30-Editor-Grid-with-ColdFusion
(I
didn't see an ExtJS 4 example on Google. Perhaps 3 will work for you?
What DBMS are you using? MSSQL, MYSQL, Access (bleeackk!), other?
MSSQL uses single quotes in the WHERE clause. However, if you use
cfqueryparam for all of your where clause pieces, single quotes in your
strings should pass through in the database request just fine.
What is the data type of t
Yes, and if this is form input, you should be using cfqueryparam anyway.
Please see the news for Sony's latest data hack, which was simple web-based
SQL injection. cfsqltype will need to match column datatype in each case.
SELECT Formation, Play, BallCarrier, YardsGained, Result
FROM PlaysCa
Mark, there is an excellent SQL tutorial here: http://www.w3schools.com/sql/
If you figure out exactly how joins work, it will make writing SQL so
much easier for you.
Sub-selects like Greg used are also very useful.
A few hours spent on this site will save you hours of struggle later.
On Thu,
it to produce the same results, which I will
do.
Thanks again,
Mark
-Original Message-
From: Greg Morphis [mailto:gmorp...@gmail.com]
Sent: Thursday, May 26, 2011 11:48 AM
To: cf-talk
Subject: Re: cfquery select question
If they all return 1 row use this..
select * from table3 t3
where
If they all return 1 row use this..
select * from table3 t3
where t3.ID = (
select t2.ID
from table2 t2
where t2.productcode = (
select t1.productcode
from table1 t1
where t1.ordernumber = [whatever]
)
)
If they retu
SELECT DISTINCT table3.ID, table3.Company
FROM table3 INNER JOIN
table2 ON table3.ID = table2.t2_ID INNER JOIN
table1 ON table2.ordernumber = table1.ordernumber
WHERE (table1.productcode LIKE '%a certain string%')
On Thu, May 26, 2011 at 11:
s not referring to a url
it reloads the same page.
This was driving me crazy.
Dan
-Original Message-
From: Kym Kovan
Sent: Tuesday, April 19, 2011 7:23 AM
To: cf-talk
Subject: Re: CFQUERY update Firefox wierdness
On 19/04/2011 8:46 PM, Dan Blickensderfer wrote:
>
> I checked and
On 19/04/2011 8:46 PM, Dan Blickensderfer wrote:
>
> I checked and it's turned off. This is happening from multiple computers
> with Firefox.
>
> Any other thoughts?
in that case turn it on and look at what the browser is sending...
--
Yours,
Kym Kovan
mbcomms.net.au
I checked and it's turned off. This is happening from multiple computers
with Firefox.
Any other thoughts?
-Original Message-
From: Matt Quackenbush
Sent: Tuesday, April 19, 2011 12:20 AM
To: cf-talk
Subject: Re: CFQUERY update Firefox wierdness
Wild guess: Firebug is turn
Wild guess: Firebug is turned on and is adding a second "click" to the flow.
tag has absolutely nothing to do with any browser - it is
executed by cf on the server side.
i would check your page's html and javascript instead - that's where
browser differences can come into play.
how do you submit your form to add item to cart - ajax or regular form
submit?
how do you
Hi
I never seen that.. but the first thing I would look at is to set
up a way to see how many times that action page is run. Perhaps insert a
GetTickCount counter into a log file when the action page is
run.. First look to see how it works in IE, then try firefox.
At 06:55 PM 4/18/2011, y
The behavior change might be due to updated drivers, which is the most
common source of modified database behavior. You can probably fix this
either in CF, using something like NumberFormat, or cfqueryparam, or using
casting in SQL Server. If this is a lot of work for you, it might be worth
it to
>Looks like you might need to revise the procedure to CAST the calculated
>value back to Numeric(10,2) before returning it?
>Carl
Yeah, which is what we're doing for this one to resolve the issue.
But since this is a legacy, third-party, application ... it worries me the
number of places this
Looks like you might need to revise the procedure to CAST the calculated
value back to Numeric(10,2) before returning it?
Carl
On 2/16/2011 2:30 PM, James Skemp wrote:
> Thanks Mike.
>
> Opened up the procedure and gave it a look. It looks like there's some
> multiplication and division going o
Thanks Mike.
Opened up the procedure and gave it a look. It looks like there's some
multiplication and division going on, which is resulting in a change. Relevant
part for one of the returned values:
MemberPrice =
(case when qp.productid is null then p.MemberPrice
else
Why would a SQL cast fix the issue? Casting a numeric(10,2) to a
numeric(10,2) would not solve anything, which means that the value you are
casting to numeric must be of a different data type, likely float or
varchar. Floating point numbers often display in scientific notation. The
numeric value
>It occurred to me that I should first ask if this issue is causing any
>problems, or if it is only an unexpected way to format a number? For example
>0.00 = 0E-8. They are both the same number regardless of how they are
>displayed.
Unfortunately, it is causing an issue in this particular instanc
It occurred to me that I should first ask if this issue is causing any
problems, or if it is only an unexpected way to format a number? For example
0.00 = 0E-8. They are both the same number regardless of how they are
displayed.
For clarification, which number has the unexpected formatting, the v
Thanks for the clarification questions, Mike.
>What is the data type of the field in SQL Server?
numeric(10,2)
> If you run the query in Management Studio, what do you see for that value?
0.00
> How are you outputting the value in CF to see the 0E-8 number?
In a tossed error it was displayed
What is the data type of the field in SQL Server? If you run the query in
Management Studio, what do you see for that value? How are you outputting
the value in CF to see the 0E-8 number? What tag are you using to call the
stored procedure in ColdFusion? Which version of MS SQL Server are you
usin
Rick Eidson wrote:
> It's political and we's IT people don't not
> know what were talkin bout...
Oh. One of those deals. (How familiar ;-) Well it looks like Mark has you on
the right path.
Mark wrote:
> While I agree with you about a CSV file in many cases, Leigh,
> sometimes this is useful
Thanks! Looks like I am kind of on the right track... I will read up on this
link...
Rick
-Original Message-
From: Mark A. Kruger [mailto:mkru...@cfwebtools.com]
Sent: Wednesday, January 05, 2011 9:23 PM
To: cf-talk
Subject: RE: CFQuery to mdb
You can seed a database with the schema
> But why does it need to be a full Access database? Providing a delimited
file users could import is simpler and more flexible. As it could be
imported into both Excel and Access.
I asked the same question... It's political and we's IT people don't not
know what were talkin bout...
One of the
-Original Message-
From: Leigh [mailto:cfsearch...@yahoo.com]
Sent: Wednesday, January 05, 2011 7:17 PM
To: cf-talk
Subject: Re: CFQuery to mdb
> just seems like more than I need to do.
I do not think so. It is not like exporting html/excel. An Access database
consists of mo
> just seems like more than I need to do.
I do not think so. It is not like exporting html/excel. An Access database
consists of more than just the data itself (system tables, etcetera). So I am
not sure there is a simpler way. Maybe using ms sql's export tools ..
But why does it need to be a
alternatively could the problem be before the data is put into mysql. basically
we are using an extjs text area to collect data, that passes the data over to a
form which we put straight in the database. should we be doing anything with
that data such as escaping it?
> Hi,
>
> i have data st
thanks for everyone's help, it's now solved!
the reason i am building it through a string is because it is interacting with
various extjs grids, which apply filters. i have a generic function that
creates the havingclause to filter the data.
i ran the havingclause through a loop printing out 1
If it was MSSQL, you would want single quotes, so more like this:
SELECT viewname, categoryname FROM views LEFT OUTER JOIN viewcategories on
views.categoryid = viewcategories.categoryid GROUP BY viewname HAVING 0 = 0
AND categoryname IN ('''s') ORDER BY viewname ASC LIMIT 0, 300
Instead
thanks, although the problem is there is no error to catch. when we run a
cfdump of the query, the sql is as follows:
SELECT viewname, categoryname FROM views LEFT OUTER JOIN viewcategories on
views.categoryid = viewcategories.categoryid GROUP BY viewname HAVING 0 = 0 AND
categoryname IN ("aaa
Wrap your actual cfquery with cftry and then cfoutput the variable cfcatch.sql
...
#cfcatch.sql#
Then post that sql here.
Rick
Or instead of using a variable, if you can just put the clause in the SQL
statement, let the list param do the work for you:
HAVING categoryname IN ( )
On 9/16/2010 6:44 AM, Richard White wrote:
> thanks for the replies, although the preserveSingleQuotes doesnt work
You should be looking at the actual SQL that is being sent to the
database. It would provide clear evidence of what is wrong.
Looking at this line:
You may want to investig
thanks for the replies, although the preserveSingleQuotes doesn't work
> hi, we are running a cfquery with the following sql statement:
>
> SELECT viewname, categoryname FROM views LEFT OUTER JOIN
> viewcategories on views.categoryid = viewcategories.categoryid GROUP
> BY viewname HAVING categ
yea so don't forget to do your own SQL injection protection as well.
On Thu, Sep 16, 2010 at 1:54 PM, Rick Root wrote:
>
> Aside from my trepidations about generating SQL like this because it
> prevents you from using , what you're looking for is
> #preserveSingleQuotes()#
>
> coldfusion autom
I'm with Rick. You should really change it up a wee bit so you can use
cfqueryparam. It has many advantages.
On Thu, Sep 16, 2010 at 8:54 AM, Rick Root wrote:
>
> Aside from my trepidations about generating SQL like this because it
> prevents you from using , what you're looking for is
> #prese
Aside from my trepidations about generating SQL like this because it
prevents you from using , what you're looking for is
#preserveSingleQuotes()#
coldfusion automatically escapes any single quotes in variables that
are within a tag so if your query SQL is a variable
select blah blah blah
from
toJson is better if you have room for the server-side overhead, and
don't mind writing methods that can't be used in any other scenario than
via Ajax. CFQueryReader is solely a client side solution, so that you
can reuse your server-side code in any way that you see fit.
Steve "Cutter" Blades
in fact toJson is even better for the job: http://tojson.riaforge.org/
> thanks, sorry don't think i was clear enough, i knew about
> serializejson but this doesn't work with extjs, in case anyone else
> stumbles on this post and is interested i found the following:
> http://blog.cutterscrossing.
thanks, sorry don't think i was clear enough, i knew about serializejson but
this doesn't work with extjs, in case anyone else stumbles on this post and is
interested i found the following:
http://blog.cutterscrossing.com/index.cfm/CFQueryReader
>Google is your friend:
>
>Search "cfquery to jso
Google is your friend:
Search "cfquery to json" and get:
http://www.coldfusionjedi.com/index.cfm/2007/9/20/Quick-and-Dirty-JSONQuery-Example
On Mon, Jun 7, 2010 at 11:53 AM, Richard White wrote:
>
> hi,
>
> is there a quick and easy way to convert a cfquery into a json array. i
> will be retu
Couldn't you just say:
[...] cflogic [...]
Sebastiaan
=
So long and thanx 4 all the fish
==> Onlinebase.nl
> -Original Message-
> From: fun and learning [mailto:funandlrnn...@gmail.com]
> Sent: Thursday, 15 April 2010 6:13 AM
> To: cf-talk
>
Any reason you are doing it this way and not just no javascript and use
cfdump instead?
-Original Message-
From: fun and learning [mailto:funandlrnn...@gmail.com]
Sent: Thursday, 15 April 2010 6:13 AM
To: cf-talk
Subject: cfquery within javascript
hi,
I am trying to do the following:
What are you trying to show. If you want a literal put your alert results in
quotes. alert("#query2.RecordCount#");
Robert B. Harrison
Director of Interactive Services
Austin & Williams
125 Kennedy Drive, Suite 100
Hauppauge NY 11788
P : 631.231.6600 Ext. 119
F : 631.434.7022
http://www.aus
If the query is executing correctly but bringing back no records, this
should work with blahname.recordcount equal zero . If the query is
not executing correctly, blahname.recordcount will not equal zero.
On Wed, Mar 31, 2010 at 10:59 AM, Dave Sueltenfuss
wrote:
>
> I'm running into an odd be
Ok, found the cause of the issue, by taking the query into SQL Server
In SQL, the following is being returned
*Warning: Null value is eliminated by an aggregate or other SET operation.
(0 row(s) affected)*
So it appears this is what is throwing off the query results in CF
I am working on res
You are correct that it should work, but there may be something else in the
code which is preventing the query from being executed. On the top of your
page add:
And that will deal with the case where the query is not executed.
Robert B. Harrison
Director of Interactive Services
Austin &
You are correct, the record count for an empty query object does exist (and
should be 0). What exactly is not working? Are you getting an error
message?
On Wed, Mar 31, 2010 at 1:59 PM, Dave Sueltenfuss wrote:
>
> I'm running into an odd behavior with CFQUERY (at least I think it is odd)
>
>
Your cfif statement asks for the recordCount to be returned
only if the recordCount is greater than 0.
Try cfif blahName.recordcount GTE 0 and you should
get the recordCount either way.
Rick
-Original Message-
From: Dave Sueltenfuss [mailto:dsueltenf...@gmail.com]
Sent: Wednesday, March
In CF8 there is cfdbinfo. This function below will return a query object with the
following fields (see below).
http://www.cfquickdocs.com/cf8/?getDoc=cfdbinfo#cfdbinfo
If you don't have CF 8 you will have to query the metadata based on the SQL
dialect for that particular database. You can look at the
You can usually get that info from the database's system tables, depending
on your RDBMS. (In the following queries, 'typename' will give you the
datatype.)
MSSQL:
SELECT syscolumns.colid,
syscolumns.name,
syscolumns.colorder AS sortorder,
> Hello. Is there a way to return a datatype list from
> your query along with the column list? Example:
IIRC, there is no direct method. But you could certainly extract that
information using getMetaData()
Or figure out why its running slowly, and make it run faster. =)
Rick
On Thu, Oct 8, 2009 at 12:01 PM, Adam Haskell wrote:
>
> Run it in a thread with CFthread and put a timeout on the cfjoin.
>
> Adam
>
>
> On Thu, Oct 8, 2009 at 8:47 AM, Vamsi Pappu wrote:
>
>>
>> Hi All,
>>
>> I have a sit
Run it in a thread with CFthread and put a timeout on the cfjoin.
Adam
On Thu, Oct 8, 2009 at 8:47 AM, Vamsi Pappu wrote:
>
> Hi All,
>
> I have a situation here where cfquery doesn't seem to be performing well on
> jdbc driver, when I read in forums it was clearly mentioned that cfquery
> ti
How about installing SeeFusion and enabling one of its rules to kill
threads that run for a certain amount of time? If there is a running
query it will kill it.
It may be a hammer where you wanted a scalpel, but it would work. Since
requests who are waiting for external I/O can't monitor themse
select
iif(lm.user_id = s.lead_mgr, (lm.first + ' ' +
lm.last) , s.lead_note) as leadMgr,
I think you want it this way, using a CASE statement for the leadmgr
column. I also moved all your subselects into left joins, which should
give a bit better performance.
select
s.address + ' ' + s.address2 + ' ' + s.address3 + ',' + s.city + ',' +
s.state + ',' + s.city as office_addres
Check this out. This one, as I've said before, outputs a number around 3000.
select top 2 *
from table
#cfquery.ExecutionTime#
However, this one results in an error: Error Executing Database Query.
[Macromedia][SQLServer JDBC Driver]Execution timeout expired.
se
The docs say, no, it may not timeout at 1 second. Check out the
livedocs... "Because the timeout attribute only affects the maximum
time for each suboperation of a query, the cumulative time may exceed
its value."
And, even then, the query stuff is considered to be 3rd party (or at
least, s
o: cf-talk
Subject: Re: CFQUERY Timeout for SQL2005 Fails
Hi Mark,
To answer your question -- there's a DDL transaction that's running on the
server, and from what the folks have told me, an ALTER TABLE command was
causing the lock to occur. And the downside is that giving hints (i.e
Hi Mark,
To answer your question -- there's a DDL transaction that's running on the
server, and from what the folks have told me, an ALTER TABLE command was
causing the lock to occur. And the downside is that giving hints (i.e., WITH
(NOLOCK)) is not going to have an effect in this situation.
Also -- this may just be me being dense, but I don't get why the TIMEOUT
feature in CFQUERY has to work this way. It's CF that's making the initial
request to the datasource, so it should start counting down from the moment it
creates that request. And then after waiting for a predetermined p
Mark and Casey,
Thanks for clarifying this for me. I don't own the SQL Server that I need to
hit, so it looks like I'm between a rock and a hard place.
I still don't think the TIMEOUT parameter is working, though. In my example,
I'm hitting a database that is fully operational, and I have a
This is an interesting thread, I've seen what I believe to be very similar
behaviour here on one of my webservices, seemed that one particular query
sometimes just hangs indefinitely, however other threads and requests are all
just fine.
I tried playing around with application request timeouts,
g Woo [mailto:s...@cornell.edu]
Sent: Wednesday, April 15, 2009 7:58 AM
To: cf-talk
Subject: Re: CFQUERY Timeout for SQL2005 Fails
Anyone? Bueller? I really need an answer to this -- even though I'm
running Fusion Reactor and can keep a survival strategy, this is no way to
keep a server ru
On Tue, Apr 14, 2009 at 5:25 PM, Sung Woo wrote:
>
> Hi Casey,
>
> What happened today is that the SQL server basically locked up. CF kept
> waiting for the request to come back, but it never did because it just hung
> infinitely. It seems as if CF waits forever in a case like this, so it's
>
Anyone? Bueller? I really need an answer to this -- even though I'm running
Fusion Reactor and can keep a survival strategy, this is no way to keep a
server running. Is there anyone out there who's successfully used the TIMEOUT
parameter in CFQUERY with CFMX 7.0.2 and SQL 2005 Standard?
> H
Hi Casey,
What happened today is that the SQL server basically locked up. CF kept
waiting for the request to come back, but it never did because it just hung
infinitely. It seems as if CF waits forever in a case like this, so it's
vital that I can kill the connection from the CFQUERY.
The
how about adding WITH (NOLOCK)
If your queries are just selecting data, i'd use WITH (NOLOCK)
that way you don't need to wait for transactions to finish if that table
gets heavy inserts
> select top 2 * WITH (NOLOCK)
> from table
>
On Tue, Apr 14, 2009 at 4:58 PM, Sung Woo
Actually, I was wrong -- even doesn't work, because it still waits for the cfquery
to finish before it outputs the timeout error. Is there any solution for this?
The database we're relying on is unstable and we need to be able to kill the
query sooner.
Thanks,
- Sung
> Here's my test:
>
This is the syntax for doing it with an array of structures:
SELECT * FROM Tablename
What would be the syntax for using a structure of structures?
> > Q: What's the best way to return two structures from a function?
> > Should I return an array of structures or can I return the
> resultI
> Q: What's the best way to return two structures from a function?
> Should I return an array of structures or can I return the resultInfo in one
> of the arguments
> from the calling program?
Well, strictly speaking, if you set the value of something within the
calling program that's not return
>>and have already picked up a nugget.
A tasty one at that. Thanx for sharing.
>>Should I return an array of structures
I would say yes. From what I have been reading, arrays of structures is the
standard way to exchange data between platforms (Think web services). If you
do it that way (arrays
> Thanks for the link. I see that you authored this article. Very well
> laid out. I understand SQL Injection and why to use CFQUERYPARAM.
> What I did not see in the article was how to take a CFSET statement
> that builds a SQL String and put CFQUERYPARAMS into it and make it
> work.
>
> Like:
>
Hi Dave,
Thanks for the reply.
>Second, and more importantly, using raw data from the browser like
>that is a serious security vulnerability. Whenever you use unsafe data
>within a query, you should build a prepared statement using the
>CFQUERYPARAM tag:
>
>http://www.adobe.com/devnet/coldfusion/
> I am reviewing CF and working on a small site to get my skills back up to
> par.
>
> Here is what I have:
>
>
>
>#theSQL#
>
>#theSQL#
>
> I am getting an error about SQL Statement being invalid:
>
> ...
>
> Notice that PrivacyPolicy has "" around it..I am not putting it there. If I
> put
On Wednesday 07 Jan 2009, Andrew Tegenkamp wrote:
> can I fix it?
You can, but shouldn't. Constructing raw SQL strings is dangerous, security
wise.
I expect your real use case is more complex, but rewriting it to :
INSERT INTO users(userName) VALUES()
is trivial.
--
Tom Chiverton
Help
Andrew Tegenkamp wrote:
> Why is this
Because CF automatically escapes all single quotes in variables used
inside of a block.
> and can I fix it?
Use the preserveSingleQuotes() function whose purpose is to override
this default behavior.
Just be aware that if you are not careful, it is re
>> Actually, I'm gonna pick on you again Dave and challenge
>> this. (I'm hoping to add to my wall)
>>
>> If a someone is using MySQL ...
>
> Well, the original poster was asking about the current attack, which
> specifically targets MS SQL Server.
>
That might be true, but he didn't say that. He