December 13, 2007
Question

cfqueryparam in cfset


I do a lot of things like:

<cfset selectStatement="select id, someText, someValue from myTable ">
<cfset whereStatement= " where id=#form.getId# ">

Then

<cfquery...>
#selectStatement# #whereStatement#
</cfquery>

But I can't use the cfqueryparam tag in the cfset tag. It busts. I can't do :

<cfset whereStatement= "where id = <cfqueryparam value="#form.id#" cfsqltype="CF_SQL_NUMERIC"> ">

What's a good work around for me. I want to prevent sql injection attacks, but I create my sql as variables outside the cfquery tag.

Thanks,

Bagus

12 replies

BagooseAuthor
Participant
December 13, 2007

A *lot* of my coding is done this way. (I hope this doesn't have to change!)

I'll often have a whole page of code that is an attempt to boil things down to the one proper sql call and do other things as it goes too. One example might be that I need to determine whether a sql statement will be an insert or an update. The variables collected to put in the database are the same but as you can imagine the sql statements are quite different. So all the logic to create the sql statement is outside the query and the query in the end is just one string variable.

Participating Frequently
December 13, 2007
Geez, I hope that I never have to come in behind you and troubleshoot your code!

Phil
Participating Frequently
December 13, 2007
quote:

...but I create my sql as variables outside the cfquery tag.
Why? I can see doing it once in a while for something special, but all of the time? I know it makes your SQL more "dynamic", but it probably causes more problems than it solves. (Just an opinion.)

I haven't tried it, but I suppose that you could try using chr() and the ASCII code for < (60) and > (62) and substitute these function calls for the characters.

Phil
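Added example, not code from the original thread or from either poster. It shows the pattern that addresses both the question (building the select's where clause and deciding insert versus update outside the query) and keeps every cfqueryparam inside a cfquery tag, which is the only place ColdFusion accepts it. The idea is to move the dynamic part into data (arrays of column name, value and cfsqltype) instead of SQL strings, so user input never gets concatenated into SQL text. The table and column names follow the question; the form field names, the application.dsn datasource name and the insert-versus-update rule are assumptions, and the struct/array literal syntax assumes ColdFusion 8 or later.

```cfml
<!--- Added example (not from the original thread). Assumptions: form fields
      form.getId, form.someText, form.someValue; datasource application.dsn;
      ColdFusion 8+ for the {} and [] literal syntax. --->

<!--- Part 1: the dynamic WHERE clause from the question.
      Build filters as data. Column names come only from this code, never
      from the request; values are carried to cfqueryparam unchanged. --->
<cfset filters = [] />
<cfif isDefined("form.getId") AND len(trim(form.getId))>
    <cfset arrayAppend(filters, { column = "id", value = form.getId, type = "cf_sql_integer" }) />
</cfif>
<cfif isDefined("form.someText") AND len(trim(form.someText))>
    <cfset arrayAppend(filters, { column = "someText", value = form.someText, type = "cf_sql_varchar" }) />
</cfif>

<!--- The only SQL text lives inside cfquery, so cfqueryparam is legal here. --->
<cfquery name="getRows" datasource="#application.dsn#">
    select id, someText, someValue from myTable
    <cfif arrayLen(filters)>
        where
        <cfloop from="1" to="#arrayLen(filters)#" index="i">
            <cfif i GT 1> and </cfif>
            #filters[i].column# = <cfqueryparam value="#filters[i].value#" cfsqltype="#filters[i].type#" />
        </cfloop>
    </cfif>
</cfquery>

<!--- Part 2: insert-versus-update decided outside the query.
      The same collected values feed either statement shape. --->
<cfset columns = [
    { name = "someText",  value = form.someText,  type = "cf_sql_varchar" },
    { name = "someValue", value = form.someValue, type = "cf_sql_integer" }
] />

<!--- Assumed rule: a numeric form.id means an existing row. isNumeric is a
      sanity check only; the bind parameter is what prevents injection. --->
<cfset isUpdate = isDefined("form.id") AND isNumeric(form.id) />

<cfquery name="saveRow" datasource="#application.dsn#">
    <cfif isUpdate>
        update myTable set
        <cfloop from="1" to="#arrayLen(columns)#" index="i">
            #columns[i].name# = <cfqueryparam value="#columns[i].value#" cfsqltype="#columns[i].type#" />
            <cfif i LT arrayLen(columns)>,</cfif>
        </cfloop>
        where id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer" />
    <cfelse>
        insert into myTable (
        <cfloop from="1" to="#arrayLen(columns)#" index="i">
            #columns[i].name#<cfif i LT arrayLen(columns)>,</cfif>
        </cfloop>
        ) values (
        <cfloop from="1" to="#arrayLen(columns)#" index="i">
            <cfqueryparam value="#columns[i].value#" cfsqltype="#columns[i].type#" /><cfif i LT arrayLen(columns)>,</cfif>
        </cfloop>
        )
    </cfif>
</cfquery>
```

The decision logic (which filters apply, insert or update) still lives outside the query, which is what the question asks to preserve; what changes is that the page-level code produces arrays of names and values rather than strings of SQL. Because the column names in those arrays are hard-coded and only the values pass through cfqueryparam, a request cannot alter the statement's structure, and the cfqueryparam tags sit inside cfquery where ColdFusion requires them, so the "it busts" error from the original post does not arise.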