Re: SQL injection attack on House of Fusion

2008-08-08 Thread Eric P
On Fri, Aug 8, 2008 at 4:13 PM, Claude Schneegans <[EMAIL PROTECTED]> wrote: > >>Then 20-30 minutes later he would show up again with a different IP. > > How do you know it was the same guy ? > May be it was the same bot doing the same thing, but these bots are just > like viruses, > they spread a

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Claude Schneegans
>>Then 20-30 minutes later he would show up again with a different IP. How do you know it was the same guy ? May be it was the same bot doing the same thing, but these bots are just like viruses, they spread anywhere. -- ___ REUSE CODE! Use custom tags; See

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Wil Genovese
ime. > > ~Brad > > - Original Message - > From: "Andy Matthews" <[EMAIL PROTECTED]> > To: "CF-Talk" > Sent: Friday, August 08, 2008 3:00 PM > Subject: RE: SQL injection attack on House of Fusion > > >> blocking the IPs would probably s

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Terry Ford
list of 12,000 IP addresses (and counting at the rate of 500+ new IP addresses each hour) of this botnet available if that's of any use to anyone. Regards --- On Fri, 8/8/08, Brad Wood <[EMAIL PROTECTED]> wrote: > From: Brad Wood <[EMAIL PROTECTED]> > Subject: Re: SQL

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Eric P
On Fri, Aug 8, 2008 at 3:25 PM, Brad Wood <[EMAIL PROTECTED]> wrote: > Yeah, I'm well aware of the near impossibility of ever tracking IP address > to anything useful, but I'm a person who likes data, for within mounds of > useless data can be found trends. Most of all, I'm just curious. Also, I'

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
24/7 uptime. ~Brad - Original Message - From: "Andy Matthews" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, August 08, 2008 3:00 PM Subject: RE: SQL injection attack on House of Fusion > blocking the IPs would probably stop the attacks, but analyzing them is > g

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Andy Matthews
-Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 11:03 AM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Tell us how you really feel Ben. :) I had to temporarily stop apache on my site long enough to get a stop gap in place.

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Andy Matthews
-Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 11:03 AM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Tell us how you really feel Ben. :) I had to temporarily stop apache on my site long enough to get a stop gap in place.

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Michael Dinowitz
I'm using ionic isapi with the following RewriteCond %{QUERY_STRING} ;DECLARE [I] RewriteRule ;DECLARE /index.htm [I,L] it works perfectly except for a single issue. If you're using a custom 404 in iis (like piping 404 errors to CF), then the isapi will hang the server. -- Michael Dinowitz (http

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Terry Ford
Our site has now seen just over 200,000 attack attempts over the past 48 hours, 73,000 attack attempts over the past 5 hours. Not nearly a DOS concern yet, as the acceleration of attacks has started to at least flatten a bit over the last 2-3 hours, but we're watching it carefully. The attacks

Re: Way to View SQL Transaction history.. RE SQL Injection

2008-08-08 Thread Nathan Strutz
J - It depends on your database, but yeah, you can do that, but it's on the DB server. For MS SQL Server, you can use the SQL Profiler to watch your database live, all the interactions, all the results. It will slow down a busy site if you do it for more than a few seconds at a time, but most site

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
They might be doing a screen scrape looking for an error message to see if they've hit on a vulnerable parameter. When/if the find one, they probably log it or attempt to attack it. ~Brad > For example, we'll see three successive errant query strings come > through like this. > > ?a=1'&b=2&c=3

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Eric P
We've also noticed these SQL injection attempts rear their head the last day or so; saw almost the exact same type of attack (I.e., same injection payload) back in April as well. The attack we're seeing is very (MS) SQL Server specific as they're trying to hit some SQL Server system tables and inj

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Andy Matthews
Hysterical!! -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 12:14 PM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Ben Forta said > <<<<> On the plus side, it's nice to see CF finally get

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Andy Matthews
Hysterical!! -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 12:14 PM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Ben Forta said > <<<<> On the plus side, it's nice to see CF finally get

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Dave Long
[EMAIL PROTECTED] > Sent: Friday, August 08, 2008 12:36 PM > To: CF-Talk > Subject: RE: SQL injection attack on House of Fusion > > > > even if it is from parasitic bottom-feeding bots created by > despicable > > scum-sucking feeble-excuse-for-a-carbon-based-li

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Dave Watts
> > ... by despicable scum-sucking feeble-excuse-for-a- > > carbon-based-life-form repugnant socially-inept > > basement-dwelling death-penalty-deserving hacker-wannabes. > > What makes you think they're lawyers, Ben? That really isn't called for, Mike. You should be ashamed of yourself. Lawyers

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Mark Kruger
Mike, That's the funniest comment I've heard this week... 10 points for Mr.Kear. -mark -Original Message- From: Mike Kear [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 12:14 PM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Ben Forta said

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Rick Faircloth
lly* feel! :o) > -Original Message- > From: Ben Forta [mailto:[EMAIL PROTECTED] > Sent: Friday, August 08, 2008 11:51 AM > To: CF-Talk > Subject: RE: SQL injection attack on House of Fusion > > Yep, I turned e-mail notifications off too, leave it on and you can > inadvertent

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Mike Kear
Ben Forta said > > On the plus side, it's nice to see CF finally getting the recognition it > deserves, even if it is from parasitic bottom-feeding bots created by > despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form repugnant > socially-inept basement-dwelling death-penalty

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
: "Wil Genovese" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, August 08, 2008 11:26 AM Subject: Re: SQL injection attack on House of Fusion > very few bots accept cookies. I've never actually seen one that does, > but I have read it is

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Dave Watts
> I've love to get my hands on an infected machine, but that > would be about impossible without ISPs giving a darn. It's quite easy to get your hands on an infected machine. Take a machine and let it get infected. Enjoy! VMware VMs are great for this. Dave Watts, CTO, Fig Leaf Software http://w

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
ed machine, but that would be about impossible without ISPs giving a darn. ~Brad - Original Message - From: "Mark Kruger" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, August 08, 2008 11:59 AM Subject: RE: SQL injection attack on House of Fusion > Br

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Mark Kruger
ssage- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 11:40 AM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion - Original Message - From: "Brad Wood" <[EMAIL PROTECTED]> > Dang, the brutes thought of everything. I even tried a te

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Claude Schneegans
>>very few bots accept cookies. I've never actually seen one that does, but I have read it is possible to write one that will. If you use CF to write the bot, for instance ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/cus

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
- Original Message - From: "Brad Wood" <[EMAIL PROTECTED]> > Dang, the brutes thought of everything. I even tried a test to see if the > bots would return cookies I attempted to set in order to track them > easier. > Nope, they don't. Ok, I take that back. SOME, but not all, of the hac

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Ben Forta
Darn, I blew my cover! ;-) --- Ben -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 12:27 PM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Ben Forta wrote: > ... parasitic bottom-feeding bots created by > despicabl

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Ian Skinner
Ben Forta wrote: > ... parasitic bottom-feeding bots created by > despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form repugnant > socially-inept basement-dwelling death-penalty-deserving hacker-wannabes. > > --- Ben Now please don't hold back your feelings on our account. Please ju

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Wil Genovese
very few bots accept cookies. I've never actually seen one that does, but I have read it is possible to write one that will. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well.

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
Dang, the brutes thought of everything. I even tried a test to see if the bots would return cookies I attempted to set in order to track them easier. Nope, they don't. ~Brad ~| Adobe® ColdFusion® 8 software 8 is the most imp

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Alan Rother
I think alot of us are doing that now. Do you think it would be helpful in some way for us to all pool that data? Create some central repository for it so we can all make use of it and maybe even get the attention of some of the ISP? On Fri, Aug 8, 2008 at 9:05 AM, Ben Forta <[EMAIL PROTECTED]>

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Ben Forta
Sent: Friday, August 08, 2008 12:03 PM To: CF-Talk Subject: Re: SQL injection attack on House of Fusion Tell us how you really feel Ben. :) I had to temporarily stop apache on my site long enough to get a stop gap in place. My database is safe, but I was getting around 90 requests a second

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Brad Wood
al Message - From: "Ben Forta" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Friday, August 08, 2008 10:50 AM Subject: RE: SQL injection attack on House of Fusion > Yep, I turned e-mail notifications off too, leave it on and you can > inadvertently turn blocking SQL

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Mark Kruger
Ben, I know I speak for all of us when I say this is a side of you we've never seen. The jury's out but I think I like it (ha). -Mark -Original Message- From: Ben Forta [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 10:51 AM To: CF-Talk Subject: RE: SQL injection

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Greg Morphis
. > > --- Ben > > > > -Original Message- > From: Michael Dinowitz [mailto:[EMAIL PROTECTED] > Sent: Friday, August 08, 2008 11:41 AM > To: CF-Talk > Subject: Re: SQL injection attack on House of Fusion > > Which explains why House of Fusion is being so h

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Alan Rother
Geez Ben, tell how you really feel... =] >>> > > > On the plus side, it's nice to see CF finally getting the recognition it > deserves, even if it is from parasitic bottom-feeding bots created by > despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form > repugnant > socially-inept bas

RE: SQL injection attack on House of Fusion

2008-08-08 Thread Ben Forta
-Talk Subject: Re: SQL injection attack on House of Fusion Which explains why House of Fusion is being so heavily hit. We're literally everywhere on Google. Fusion Authority on the other hand has all of its urls masked to .htm so the only one being attacked there is an old .cfm archive. I'

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Michael Dinowitz
Which explains why House of Fusion is being so heavily hit. We're literally everywhere on Google. Fusion Authority on the other hand has all of its urls masked to .htm so the only one being attacked there is an old .cfm archive. I'm working on a webserver level fix for this which will bypass the ne

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Scott Stewart
Ouch Thanks Tom... :) -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] Tom Chiverton wrote: > On Friday 08 Aug 2008, Sco

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Tom Chiverton
On Friday 08 Aug 2008, Scott Stewart wrote: > I'm almost flattered that someone thought my site was important enough > to attack... They didn't. The attack is probably driving itself based on a Google search ( [inurl:.cfm] ?) . -- Tom Chiverton *

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Scott Stewart
and your absolutely right, I've gotten two and query params covered it, but it sounds like you're getting hit two pronged. "If the injection doesn't do something, the brute force attack will" I'm almost flattered that someone thought my site was important enough to attack... Scott Stewart ColdF

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Mike Kear
In the last 7 hours since i set up a counter on it, i've had 2792 on sites far lower volume than HouseofFusion.. So do i get a prize? Cheers Mike Kear Windsor, NSW, Australia Adobe Certified Advanced ColdFusion Developer AFP Webworks http://afpwebworks.com ColdFusion, PHP, ASP, ASP.NET hosting f

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Michael Dinowitz
Covering the bases with cfqueryparam is one thing, being mobbed is another. Sometimes you have to stop these things before any other code is run. I've put that abort script at the top of all my application.cfcs jst to brute force stop the horde. On Fri, Aug 8, 2008 at 10:31 AM, Scott Stewart <[EMA

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Scott Stewart
Yeah, I've gotten a couple today.. but fortunately when Ray built BlogCFC. he covered his bases. Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [E

Way to View SQL Transaction history.. RE SQL Injection

2008-08-08 Thread jonese
Hey all, So far we've been good but i'm helping some other companies who have experience successful SQL injection attacks. Is there any way to see the log files of every transaction for a DB so we can see which queries failed and which ones were a success? jonese http://www.jonese.us http://twit

Re: SQL Weirdness on text file query

2008-05-19 Thread Nicholas Stein
James, I had the same problem. I was picking up a phone number from a flat file and getting a float out of it. Most annoying. I ended up with a function in TSQL. You can modify this to use simialar padding on the "area code" as I did on the number. /*

Re: SQL Weirdness on text file query

2008-05-19 Thread James Smith
OK, eventually found a fix.. SELECT *, STR("the-field") AS TheField FROM theTextFile Kind of works but still drops leading zeroes so I have to re add them after the select... -- Jay On Wed, May 14, 2008 at 12:11 PM, James Smith <[EMAIL PROTECTED]> wrote: > I am querying a text file and gettin

Re: sql help <> NEQ

2008-04-03 Thread Paul Ihrig
ok i go it i think but it just looks so weird to me.. it looks back wards but works... SELECT DISTINCT TOP 100 PERCENT dbo.V_riprod_ZMATMAST.sap_partnum AS NEQnumb FROM dbo.V_riprod_ZMATMAST LEFT OUTER JOIN dbo.V_riprod_Specs_ZMATMAST_EQ ON dbo.V_riprod_ZMATMAST.sap_

Re: SQL Injection

2008-03-21 Thread Jignesh Kakkad
Thank you Dave Dave Watts wrote: >>> http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a- >>> charact >>> er-field >>> >> I have checked given below link but it says there is not blog entry >> > > You have to copy the entire text of the link to your browser. Everythi

RE: SQL Injection

2008-03-21 Thread Dave Watts
> > http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a- > > charact > > er-field > > I have checked given below link but it says there is not blog entry You have to copy the entire text of the link to your browser. Everything within the angle brackets below:

Re: SQL Injection

2008-03-21 Thread Jignesh Kakkad
dear Sir, I have checked given below link but it says there is not blog entry can you please confirm the same? waiting for the reply regards jiggy Ian Skinner wrote: > Mark Kruger wrote: > >> Ian, >> >> I posted an example of this recently on my blog. >> >> http://www.coldfusionmuse.com/in

Re: SQL Injection

2008-03-17 Thread Ian Skinner
Mark Kruger wrote: > Ian, > > I posted an example of this recently on my blog. > > http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-charact > er-field > > The long and short is that different platforms allow you to escape single > quotes differently and this technique can be use

RE: SQL Injection

2008-03-16 Thread Mark Kruger
Ian, I posted an example of this recently on my blog. http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-charact er-field The long and short is that different platforms allow you to escape single quotes differently and this technique can be used to get the right number of quote

RE: SQL Injection

2008-03-14 Thread Bobby Hartsfield
There was a recent thread about this. Check the archives. ..:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2008 6:51 PM To: CF-Talk Subject: SQL Injection I am presuming the those wh

RE: SQL Question -- Order by a column's value?

2008-01-25 Thread Gaulin, Mark
Yes, you can do this with a CASE statement. The syntax may depend on you db, but on SQL Server ORDER BY CASE Colleges WHEN 'Harvard' THEN 1 WHEN 'Princeton' THEN 2 WHEN 'Dartmouth' THEN 3 ELSE 100 END This would p

RE: SQL Question -- Order by a column's value?

2008-01-25 Thread Che Vilnonis
Cool. That did the trick. Thanks to all! -Original Message- From: Gaulin, Mark [mailto:[EMAIL PROTECTED] Sent: Friday, January 25, 2008 2:08 PM To: CF-Talk Subject: RE: SQL Question -- Order by a column's value? Yes, you can do this with a CASE statement. The syntax may depend o

Re: SQL: ISNULL, NULLIF problem

2008-01-17 Thread Adam Haskell
Not a problem, for the record the isNull as others stated is not needed. Also NULLIF should be able to be put inside the denominator select statement if desired. ( (SELECT COUNT(*) FROM Leads WHERE rep_assigned = rep_import_ter.rep_ID AND add_ricrm =

Re: SQL: ISNULL, NULLIF problem

2008-01-17 Thread morchella
(SELECT ISNULL(COUNT(*),0) FROM Emp WHERE emp_assID = rEmp.empID AND addSale = 1) * 100 / NULLIF((SELECT COUNT(*) FROM Emp WHERE emp_assID = rEmp.empID AND ((Emp.Qal = 4) OR (Emp.addSale = 1))) AS perEmp worked really well thanks for all the help... Adam & Dominic! ~

Re: SQL: ISNULL, NULLIF problem

2008-01-17 Thread Dominic Watson
> > but i get Incorrect syntax near the keyword 'FROM'. > any help would be great... > thanks > Count() will never return null. But if it did return null, the syntax you would need would be like this (untested): (SELECT ISNULL( COUNT(),0) FROM Emp WHERE emp_assID = rEmp.empID AND addSale = 1) / N

RE: SQL Question, get previous record

2008-01-15 Thread Dawson, Michael
You are correct. Thanks! -Original Message- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 1:28 PM To: CF-Talk Subject: RE: SQL Question, get previous record I think you'll want an order by on those: to get the previous: SELECT TOP 1 idNumber FROM

Re: SQL Question, get previous record

2008-01-15 Thread Crow T. Robot
If you already have the result set, and it is ordered by the id, then you could just use this myQueryResult.id[currentrow+/-1] to fetch the previous/next id number very pseudo code here, but hopefully you get the drift. but not quite sure if this is what you're asking? On Jan 15, 2008 1:20 PM,

RE: SQL Question, get previous record

2008-01-15 Thread Scott Stewart
:23 PM To: CF-Talk Subject: RE: SQL Question, get previous record If you are using SQL Server, you can use something like this to get the previous: SELECT TOP 1 idNumber FROM Table WHERE idNumber < #myNumber# or to get the next: SELECT TOP 1 idNumber FROM Table WHERE idNumber > #myNumber#

RE: SQL Question, get previous record

2008-01-15 Thread Brad Wood
e- From: Dawson, Michael [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 15, 2008 1:23 PM To: CF-Talk Subject: RE: SQL Question, get previous record If you are using SQL Server, you can use something like this to get the previous: SELECT TOP 1 idNumber FROM Table WHERE idNumber < #myNumber#

RE: SQL Question, get previous record

2008-01-15 Thread Dawson, Michael
If you are using SQL Server, you can use something like this to get the previous: SELECT TOP 1 idNumber FROM Table WHERE idNumber < #myNumber# or to get the next: SELECT TOP 1 idNumber FROM Table WHERE idNumber > #myNumber# M!ke -Original Message- From: Scott Stewart [mailto:[EMAIL PRO

Re: sql clear data

2008-01-04 Thread Charlie Griefer
On Jan 4, 2008 8:14 AM, Chad Gray <[EMAIL PROTECTED]> wrote: > If I delete the row then I break the joins in the database. So I want to > blank the data out rather then remove the entire row. I think Randy's got the best suggestion of just flagging the record 'inactive' or 'deleted' (or whatever

RE: sql clear data

2008-01-04 Thread Mark Kruger
: RE: sql clear data > If I delete the row then I break the joins in the database. > So I want to blank the data out rather then remove the entire row. > > Thanks for the code. I forgot about the columnlist attribute on the > query. > > There is probably a better

RE: sql clear data

2008-01-04 Thread Dave Watts
> If I delete the row then I break the joins in the database. > So I want to blank the data out rather then remove the entire row. > > Thanks for the code. I forgot about the columnlist attribute > on the query. > > There is probably a better way of setting up the database so > don't have to

Re: sql clear data

2008-01-04 Thread Charlie Griefer
On Jan 4, 2008 8:11 AM, Ben Doom <[EMAIL PROTECTED]> wrote: > He wants to clear all *columns*, not rows. tsk... nitpicking over minor details :) -- "Scientists tell us that the fastest animal on earth, with a top speed of 120 feet per second, is a cow that has been dropped out of a helicopter."

Re: sql clear data

2008-01-04 Thread Greg Morphis
ah yeah then delete the row and readd it.. On Jan 4, 2008 10:11 AM, Ben Doom <[EMAIL PROTECTED]> wrote: > He wants to clear all *columns*, not rows. > > --Ben Doom > > Greg Morphis wrote: > > UPDATE table > > SET foo = '', > >Moo = '', > >Goo = '' > > > > > > leave out the WHERE clause.. i

Re: sql clear data

2008-01-04 Thread C. Hatton Humphrey
> He wants to clear all *columns*, not rows. There is no real way to do this in a single SQL statement. Mark's suggestion of doing a single query to get the column names and then a second to do the update is a way to do it, if you wanted to do it all in SQL it's possible in SQL Server or MySQL by

RE: sql clear data

2008-01-04 Thread Adkins, Randy
Why the blank row of data then? Why not just have a flag toggled as deleted or inactive rather than deleting the content. You never know if you need to refer back to the content at a later date. -Original Message- From: Chad Gray [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 1

RE: sql clear data

2008-01-04 Thread Chad Gray
about this, but im not the guy that made the database. -Original Message- From: Mark Kruger [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 10:58 AM To: CF-Talk Subject: RE: sql clear data Chad, Well you could do something like this: SELECT * FROM mytable WHER

Re: sql clear data

2008-01-04 Thread Jim Wright
On 1/4/08, Chad Gray <[EMAIL PROTECTED]> wrote: > Is there anyway to clear the data in a row in a database without using > > UPDATE table > SET foo = '', > Moo = '', > Goo = '' > WHERE ID = 1 > > I don't want to clear the ID just the other fields. > > My table has 50 fields and I don't feel

RE: sql clear data

2008-01-04 Thread Chad Gray
The id is the primary key that is autoincremented. I should have mentioned that. -Original Message- From: Nicholas M Tunney [mailto:[EMAIL PROTECTED] Sent: Friday, January 04, 2008 10:59 AM To: CF-Talk Subject: Re: sql clear data Couldn't you delete the entire row and then add

Re: sql clear data

2008-01-04 Thread Ben Doom
He wants to clear all *columns*, not rows. --Ben Doom Greg Morphis wrote: > UPDATE table > SET foo = '', >Moo = '', >Goo = '' > > > leave out the WHERE clause.. it'll empty all rows > > On Jan 4, 2008 9:47 AM, Chad Gray <[EMAIL PROTECTED]> wrote: >> Is there anyway to clear the data in

Re: sql clear data

2008-01-04 Thread David Henry
Chad, Try something like this: select top 1 * from table update table set #key# = '', ID = ID Code from brain directly to email so no warranty, liability, or guaranty on that code...but it might work. Let me know if it does and I'll treat myself to

Re: sql clear data

2008-01-04 Thread Nicholas M Tunney
Couldn't you delete the entire row and then add a new row with just the ID? Nic Chad Gray wrote: > Is there anyway to clear the data in a row in a database without using > > UPDATE table > SET foo = '', > Moo = '', > Goo = '' > WHERE ID = 1 > > I don't want to clear the ID just the other

Re: sql clear data

2008-01-04 Thread Ben Doom
This seems kind of odd. Why not just delete the row? --Ben Doom Chad Gray wrote: > Is there anyway to clear the data in a row in a database without using > > UPDATE table > SET foo = '', > Moo = '', > Goo = '' > WHERE ID = 1 > > I don't want to clear the ID just the other fields. > >

Re: sql clear data

2008-01-04 Thread Greg Morphis
UPDATE table SET foo = '', Moo = '', Goo = '' leave out the WHERE clause.. it'll empty all rows On Jan 4, 2008 9:47 AM, Chad Gray <[EMAIL PROTECTED]> wrote: > Is there anyway to clear the data in a row in a database without using > > UPDATE table > SET foo = '', > Moo = '', > Goo =

RE: sql clear data

2008-01-04 Thread Mark Kruger
Chad, Well you could do something like this: SELECT * FROM mytable WHERE id = -99 update myTable #lItem = '', 1 = 1 WHERE ID = #someIdNumber# Of course you would nee

Re: sql question: contains space' '

2008-01-03 Thread morchella
Mark i am trying to find where only the lastname was added to the field Contact. some 2000+ records. then do a match on a known field like email or phone & then update the Contact field with the combined 'fname lname' from a xls spread sheet. then after all the names are combined i will just add 2

Re: sql question: contains space' '

2008-01-03 Thread morchella
ok.. thank you! SELECT id, Contact, Address, City, State, Zip FROM Leads WHERE (Contact LIKE '') OR (Contact LIKE ' ') OR (Contact NOT LIKE '% % ') AND (LTRIM(RTRIM(Contact)) NOT LIKE '% %') ORDER BY id now to fix 20,000+ records! wonde

RE: sql question: contains space' '

2008-01-03 Thread Mark Kruger
If what you are trying to do is eliminate trailing spaces why not just do: Update contacts set contact = rtrim(ltrim(contact)) -Original Message- From: morchella [mailto:[EMAIL PROTECTED] Sent: Thursday, January 03, 2008 9:03 AM To: CF-Talk Subject: sql question: contains space' ' h

Re: sql question: contains space' '

2008-01-03 Thread Jim Wright
On 1/3/08, Paul Ihrig <[EMAIL PROTECTED]> wrote: > just fond out why > man this db is so messed up... > > 'Joe Garth ' > > > so i would i look for NOT LIKE '% % ' > OR... ltrim(rtrim(contact)) NOT LIKE '% %' ~| Adobe® ColdFusion®

Re: sql question: contains space' '

2008-01-03 Thread Paul Ihrig
just fond out why man this db is so messed up... 'Joe Garth ' so i would i look for NOT LIKE '% % ' ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclic

Re: sql question: contains space' '

2008-01-03 Thread Ian Skinner
You may need to get into database character functions. I believe they all have them, but they all implement them slightly differently. You will need to consult appropriate documentation for you database management system. But you should be able to do something like this concept. SELECT field

Re: sql question: contains space' '

2008-01-03 Thread Greg Morphis
'% ' shouldnt return ' money' it should only return enteries with a trailing space.. for example create table testtbl ( name varchar2(10)); insert into testtbl values ('Greg '); insert into testtbl values ('Greg M'); insert into testtbl values ('Greg Mo'); insert into testtbl values ('Gary '); ins

Re: sql question: contains space' '

2008-01-03 Thread morchella
but what if i want like '% '; and not like '% money' where money could be any last name or character. On Jan 3, 2008 10:17 AM, Greg Morphis <[EMAIL PROTECTED]> wrote: > the SQL statement like requires a %.. > for example.. > select * from froo where name like 'G%' > will return all names that st

Re: sql question: contains space' '

2008-01-03 Thread Greg Morphis
the SQL statement like requires a %.. for example.. select * from froo where name like 'G%' will return all names that starts with G.. So try something like select * from tbl where name like '% '; That will catch anything with a trailing space. Just a heads up.. On Jan 3, 2008 9:03 AM, morchella

RE: SQL Server connection best practice?

2008-01-02 Thread Mark Kruger
Ben, Search House of fusion for a recent thread on query optimization as well... There was an interesting issue with a stored proc taking too long and it turned out to be permissions on the database (made me go hm.) -mark -Original Message- From: Ben Mueller [mailto:[EMAIL PROT

Re: SQL Server connection best practice?

2008-01-02 Thread Ben Mueller
Okay, that's kind of what I thought. I think the SequeLink thing is what I was thinking of wrt to the ODBC driver. Thanks, Dave. >ColdFusion only supports JDBC, so you'll be using JDBC. You can either use a >"pure Java" JDBC driver, or you can connect to ODBC datasources using >SequeLink as a J

RE: SQL Server connection best practice?

2008-01-02 Thread Dave Watts
> We're running CFMX7 and SQL Server 2000 in Windows2003 > Server. I know there are a variety of ways that one can get > CF to talk to a SQL Server box: ODBC, JDBC, Named Pipes, and > so on. I don't even pretend to know what all of that really > means. The question is what's the best practic

RE: SQL Full-Text Searching

2007-12-20 Thread Gaulin, Mark
I think it indexes individual columns only, and treats them as separate fields... It does not combine column1 with column2, so firstname=john, lastname=doe will not match "john doe", but [EMAIL PROTECTED] will match. Apparently (with SQL 2000 anyway) you cannot index computed columns (first name +

RE: sql editor

2007-11-30 Thread Dennis Powers
>> Ok... How do you get Access to use the join syntax? After joining the two tables in the visual mode right click on the line that connects them and select the type of join you want. Best Regards, Dennis Powers UXB Internet - A website design and Hosting Company 690 Wolcott Road P.O. Box 6029

RE: sql editor

2007-11-30 Thread Mark A Kruger
Ah I see... Well that's a nice tip (still hate it though :) -mark -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, November 30, 2007 11:21 AM To: CF-Talk Subject: Re: sql editor >>Ok... How do you get Access to use the join synt

RE: sql editor

2007-11-30 Thread Mark A Kruger
Claude, Ok... How do you get Access to use the join syntax? -mark -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, November 30, 2007 9:06 AM To: CF-Talk Subject: Re: sql editor >>For example, if you use Access to create JOIN query you will n

Re: sql editor

2007-11-30 Thread Claude Schneegans
>>Ok... How do you get Access to use the join syntax? Where joining two columns between two tables, click on the line. I must admit the line is not thick, and sometimes hard to click, but everything is here. -- ___ REUSE CODE! Use custom tags; See http://ww

Re: sql editor

2007-11-30 Thread Ali Majdzadeh
> On Friday 30 Nov 2007, Ali Majdzadeh wrote: > > Hi everybody: > > I need to make some complex cfqueries and I wonder if there any easy > to use > > software is out there I can use to make the sql statements easier > > What O/S and what database ? Thanks for all the replies. I use Windows Vist

Re: sql editor

2007-11-30 Thread Claude Schneegans
>>For example, if you use Access to create JOIN query you will not get JOIN syntax. Instead you will get what I usually refer to as the "Access" join syntax. Although I agree that the Access query builder has its limit, it does support INNER, LEFT anf RIGHT joins. I have written my own "advance

RE: sql editor

2007-11-30 Thread Mark A Kruger
ect names into the query window.. This might cut down on typos. Also practicing your typing would cut down on typos and probably help in other areas as well :) -Mark -Original Message- From: Mark Fuqua [mailto:[EMAIL PROTECTED] Sent: Friday, November 30, 2007 7:35 AM To: CF-Talk Subject:

<    1   2   3   4   5   6   7   8   9   10   >