sql/access erro question

Question

Been a few years since I worked with tag based cf.

Was trying to create a search form to search db records that matched the user inputs. I basically copied old tutorials code from cfwack 9 and the OWS examples files. These files use a derby database and of course work fine.

I copied the search,cfm and results.cfm templates and just replaced all the values with my database vals. Im using an access database and i get an error when I run the query.

As you can see, it says Im missing an operator in the WHERE clause. Again, this same code seemed to work fine in the ows tutorial db. Im wondering if its because its an access db and the operators may be different?

Here is my query:

<cfquery name="plm" datasource="dawnFoods">
SELECT ProductDataSpec.ID, ProductDataSpec.projectName. ProductDataSpec.desc, ProductDataSpec.skuDetails
FROM ProductDataSpec
WHERE 0=0
<cfif FORM.projectName IS NOT "">
 AND projectName = #FORM.projectName#
</cfif>
ORDER BY ID
</cfquery>

Not sure why the hmtl insert is adding a double 00 in the where clause, its not in my source code.

Any help would be greatly appreciated.

IndraPrastha · Answer

Seems you're just missing the single quote around FORM.projectName :

AND projectName = '#FORM.projectName#'

I would recommend you to use <cfqueryparam> instead of directly outputting the #FORM.projectName#

this is to prevent someone injecting malicious SQL to your query.

Read it here : Adobe ColdFusion 9 * Enhancing security with cfqueryparam

Cheers,

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded