Maybe cfsavecontent it instead, that way the cfif can get processed when the
string is created.
On 5/4/07, AJ Mercer [EMAIL PROTECTED] wrote:
I am building up an SQL string and want to include cfquery params in it.
If I do a cfdump of the variable I see the string with the cfqueryparam
scratch that...
Didn't see cfqueryparam:-(
On 5/4/07, Andrew Scott [EMAIL PROTECTED] wrote:
Maybe cfsavecontent it instead, that way the cfif can get processed when
the string is created.
On 5/4/07, AJ Mercer [EMAIL PROTECTED] wrote:
I am building up an SQL string and want to
But I will say that if this is inside a cffunction and it's being validated
as arguments, you can skip the cfqueryparam anyway.
On 5/4/07, Andrew Scott [EMAIL PROTECTED] wrote:
scratch that...
Didn't see cfqueryparam:-(
On 5/4/07, Andrew Scott [EMAIL PROTECTED] wrote:
Maybe
CFSAVECONTENT can be extremely useful; however, for db it might prove
a security risk and I would not use it personally.
For example you can have a dynamic LOGGED IN/OUT for say menu items or
security access - but code it once and use the CFSAVECONTENT variable at
your leisure.
Wrap your
Having a go was I? My main worry would be how much info you can get with
debugging or an un-handled error. Like any variable there can be risks when
using dynamic data - especially with database and file operations.
Oh yeah. Dreamweaver CS3 is a bit disappointing. Not much new to offer (for
the
Peter,
No, I didn't say you were having a go, but was curious how you see it as a
security risk. Besides, with cftry and cftransaction you capture all
exceptions anyway.
As far as DW goes, I hate DW8 and Homesite anyway. Neither supports TDD.
On 5/4/07, Peter Tilbrook [EMAIL PROTECTED] wrote:
But I will say that if this is inside a cffunction and it's being validated
as arguments, you can skip the cfqueryparam anyway.
Well that's only half (maybe as much as half) true.
cfqueryparam values are as much about query compilation and improved
DB server performance and memory management
My sig is too big.
Info you do not want divulged can still become available.
Look at the new DONOTRINGMEPLEASE.gov.au site. What would happen when your
server shits itself? Any guarantee that your error trapping code works? What
if it shits itself BEFORE then?
As they say. Shit happens. I had
True - and also differ across platforms, dbms's, even service packs.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaussie@googlegroups.com
To unsubscribe from
Onya Adam!
I mean - why would you do it? Way too complicated, unnecessary etc.
On 04/05/07, Andrew Scott [EMAIL PROTECTED] wrote:
How can this be a security risk?
<cfsavecontent variable=test>
where someField = <cfqueryparam ... />
</cfsavecontent>
<cfquery ..>
select * from some table
<cfoutput>#test#</cfoutput>
</cfquery>
How can you verify what is being fed
I am using cfparam for database optimisation - param binding
There is some funky stuff going on in the application that generates sql -
not my design, but I have to work with it.
So back to the question, can cf tags be put in a string to be used in
another tag later?
On 5/4/07, Peter
Yeah I must admit after posting that, I didn't think it would work...
On 5/4/07, Adam Cameron [EMAIL PROTECTED] wrote:
How can this be a security risk?
<cfsavecontent variable=test>
where someField = <cfqueryparam ... />
</cfsavecontent>
<cfquery ..>
select * from some
So back to the question, can cf tags be put in a string to be used in
another tag later?
Short answer: no.
Mid-length answer:
You've got to think about the CF life cycle. What you see as source
code isn't actually what's finally executed. Before it's executed,
CFML is compiled into Java
Thanks for the explanation Adam. Back to the drawing board...
This looks interesting
http://mkruger.cfwebtools.com/index.cfm?mode=aliasalias=no_cfqueryparam
http://mkruger.cfwebtools.com/index.cfm?mode=aliasalias=binding_oracle
eg
<cfquery name=getUser datasource=#dsn#>
DECLARE @param1