building dynamic queries

Question

I am on a slavage mission with a short time frame. I have a
database w/50 tables all with the same structure, I need to display
the contents of the tables base on a user click on an image map. My
problem is that I am trying to dynamically set the table name to be
used in the query and the name is being passed but I get an error
saying "Syntax error in query. Incomplete query clause. " but the
debug info clearly shows the table name.

select *
from #trim(url.state)#
order by branch

SQL select * from ''me'' order by branch 
DATASOURCE [removed by author]
VENDORERRORCODE -3003 
SQLSTATE HY000

Any suggestions?

tia
J.

Newsgroup_User · Answer

> Any suggestions?ColdFusion automatically escapes variables with string datarendered inside a <cfquery...>block with single quotecharacters. Because 90% of the time - this is the proper behavior.You can see that in the debug SQL. The table name should nothave the quotes around it.SQL select * from ''me'' order by branchIn cases, such as yours, where you do not want this behavior,ColdFusion  provides the preserveSingleQuotes() function.SELECT *FROM #preserveSingleQuotes(trim(url.state))#ORDER BY monthJust realize you are writing very dangerous code there. Anyuser who notices what you are doing can provide ANY sql code they wantin the url.state variable and do just about anything they want toyour database.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded