Participant
November 5, 2019
Question

Executing a query that is stored in a database

I want to retrieve data that is stored in a database. I will use the #evaluate(string)# function to execute the ColdFusion code in the data that is returned. It works fine for simple variables but hangs up when I try to execute a stored query. Any ideas?

example:

Database: Table: Cell: "<cfquery datasource="#session.dsn#" name="getcust">
select * from customer where cust_id = #url.cust_id#
</cfquery>"

I query the database for that cell and it will not evaluate the query.  Is this possible?

2 replies

BKBK
Community Expert
November 7, 2019

Two remarks. Firstly, I should perhaps have started by asking why you wish to store the entire query tag in the database. Doing so creates a big risk. Anyone who managed to have access to your database could add malicious ColdFusion code.

What developers usually do is store parts of a query in the database. For example, a part of the SQL string.

Secondly, and also on security, your where-clause is unsafe. Use instead (assuming the Id is an integer):

where cust_id = <cfqueryparam value="#url.cust_id#" cfsqltype="cf_sql_integer">

Participant
November 7, 2019

Thanks, I appreciate the advice. Actually what I want to do is store an entire pre-defined PDF document in the database. But the document would need to have queries in it to create fresh data each time it is retrieved. I would retrieve the entire code and send it to a PDF output format. Does that make sense?

BKBK
Community Expert
November 7, 2019

Hi Polarbear199, given that the document is stored as static data in the database, I don't understand how you are going to handle the dynamic variables such as session.dsn and url.cust_id.

BKBK
Community Expert
November 6, 2019

It is not possible to execute a query like that. Or any other ColdFusion tag for that matter.

That is because ColdFusion first has to compile the tag code. ColdFusion cannot do that if the tag comes hidden in a string.

Inspiring
November 6, 2019

Well, technically: if you want, you can write the content including the tags in a file and use cfinclude to execute the file.

BKBK
Community Expert
November 6, 2019

True, Bardnet. Using cfinclude to include the content as a cfm or cfml file is one way to get ColdFusion to compile it. You can also use the cfcompile utility to compile the content of an entire directory.
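
Added example, not code from any poster in this thread: one way to produce a pre-defined document with fresh data while keeping CFML out of the database, combining the cfqueryparam advice and the cfinclude suggestion above. The table doc_def, its columns, url.doc_id and the template paths are hypothetical; session.dsn, url.cust_id and the customer table are taken from the question.

```cfml
<!--- Added example. Hypothetical names: table doc_def (doc_id, template_key),
      url.doc_id, and templates deployed under /doc_templates/. --->

<!--- Reject missing or non-integer ids before they reach any query. --->
<cfparam name="url.cust_id" default="">
<cfparam name="url.doc_id" default="">
<cfif NOT isValid("integer", url.cust_id) OR NOT isValid("integer", url.doc_id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- The database stores only a short key naming the document, not CFML. --->
<cfquery datasource="#session.dsn#" name="getdoc">
    SELECT template_key
    FROM doc_def
    WHERE doc_id = <cfqueryparam value="#url.doc_id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Map the key to a template through a fixed allow-list, so a tampered
      row can only select among files that were deployed with the code. --->
<cfset templates = {
    "invoice"   = "/doc_templates/invoice.cfm",
    "statement" = "/doc_templates/statement.cfm"
}>
<cfif getdoc.recordCount NEQ 1 OR NOT structKeyExists(templates, getdoc.template_key)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Fresh data on every request; the id is bound, never spliced into SQL. --->
<cfquery datasource="#session.dsn#" name="getcust">
    SELECT *
    FROM customer
    WHERE cust_id = <cfqueryparam value="#url.cust_id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- The included template reads getcust and renders the document body. --->
<cfdocument format="pdf">
    <cfinclude template="#templates[getdoc.template_key]#">
</cfdocument>
```

With this layout, write access to the database lets someone change which deployed template is chosen, but not what code ColdFusion compiles and runs.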