Hi,
Is there any way to execute multiple queries with ColdFusion MX 6.1
and Oracle Database 9i R2?
The cfquery tag seems to support a single query only ...
Thanks.
~|
Find out how CFTicket can increase your company's customer
Sorry, it's the other way around. Oracle does not support multiple queries in
a query string. I fought this for a long time before I found an Oracle
blog/tech note/something that indicated you can't do multiple queries.
Stored procedures are probably the only way to go I think, but I've not
Yep...pretty sure with Oracle it's still single query onlybut not in SQL
Server ;-)
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web:
[mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 1:36 PM
To: CF-Talk
Subject: Re: executing multiple queries
Yep...pretty sure with Oracle it's still single query onlybut not in SQL
Server ;-)
Bryan Stevenson B.Comm.
VP Director of E-Commerce Development
Electric Edge Systems Group Inc
Meaning SQL server is more vulnerable to SQL injection attacks.
Hmm... wonder what this does?
cfset url.parameter='1; drop table orders;'
cfquery name=qryname datasource=somedsn
Select * from items where itemId=#url.parameter#
/cfquery
How do you figure Russ? No matter what DB you use,
Hmm... wonder what this does?
cfset url.parameter='1; drop table orders;'
cfquery name=qryname datasource=somedsn
Select * from items where itemId=#url.parameter#
/cfquery
Makes a dba very unhappy (unless they were smart enough to use cfqueryparam ;-)
Maybe certain types of sql injection... databases not allowing multiple
statements, would just error out on the example I've given...
-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 1:55 PM
To: CF-Talk
Subject: Re: executing multiple
Maybe certain types of sql injection... databases not allowing multiple
statements, would just error out on the example I've given...
Fair enoughbut if a developer does't use CFQUERYPARAM then IMHO they
deserve a good beating from SQL injection attacks ;-)
Bryan Stevenson B.Comm.
VP
well, just cause you dont use CFQUERYPARAM doesnt mean you are open to to
attack per say.
-Original Message-
From: Bryan Stevenson
To: CF-Talk
Sent: 07/10/2005 19:39
Subject: Re: executing multiple queries
Maybe certain types of sql injection... databases not allowing
multiple
well, just cause you dont use CFQUERYPARAM doesnt mean you are open to to
attack per say.
When using URL params in your query (as the example did) you are.but
ther are other reasons (like BIND variables and performance) that you should
use CFQUERYPARAM
Bryan Stevenson B.Comm.
VP
10 matches
Mail list logo