Copy link to clipboard
Copied
I want to retrieve data that is store in a database. I will use the #evaluate(string)# function to execute the coldfusion code in the data that is returned. It works fine for simple variable but hangs up when I try to execute a stored query. Any ideas?
example:
Database: Table: Cell: "<cfquery datasource="#session.dsn#" name="getcust">
select * from customer where cust_id = #url.cust_id#
</cfquery>"
I query the database for that cell and it will not evaluate the query. Is this possible?
Copy link to clipboard
Copied
It is not possible to execute a query like that. Or any other ColdFusion tag for that matter.
That is because ColdFusion first has to compile the tag code. ColdFusion cannot do that if the tag comes hidden in a string.
Copy link to clipboard
Copied
Well, technically: if you want, you can write the content including the tags in a file and use cfinclude to execute the file.
Copy link to clipboard
Copied
True, Bardnet. Using cfinclude to include the content as a cfm or cfml file is one way to get ColdFusion to compile it. You can also use the cfcompile utility to compile the content of an entire directory.
Copy link to clipboard
Copied
Two remarks. Firstly, I should perhaps have started by asking why you wish to store the entire query tag in the database. Doing so creates a big risk. Anyone who managed to have access to your database could add malicious ColdFusion code.
What developers usually do is store parts of a query in the database. For example, a part of the SQL string.
Secondly, and also on security, your where-clause is unsafe. Use instead (assuming the Id is an integer)
where cust_id = <cfqueryparam value="#url.cust_id#" cfsqltype="cf_sql_integer">
Copy link to clipboard
Copied
Thanks, I appreciate the advice. Actually what I want to do is store an entire pre-defined pdf document in the database. But the document would need to have query's in it to creat fresh data each time it is retrieved. I would retrieve the entire code and send it to a pdf output format. Does that make sense?
Copy link to clipboard
Copied
Hi Polarbear199, given that the document is stored as static data in the database, I don't understand how you are going to handle the dynamic variables such as session.dsn and url.cust_id.