• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Executing a query that is stored in a database

New Here ,
Nov 04, 2019 Nov 04, 2019

Copy link to clipboard

Copied

I want to retrieve  data that is store in a database.  I will use the #evaluate(string)# function to execute the coldfusion code in the data that is returned.  It works fine for simple variable but hangs up when I try to execute a stored query.  Any ideas?

example:

Database: Table: Cell: "<cfquery datasource="#session.dsn#" name="getcust">
select * from customer where cust_id = #url.cust_id#
</cfquery>"

 

I query the database for that cell and it will not evaluate the query.  Is this possible?

TOPICS
Advanced techniques

Views

478

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 05, 2019 Nov 05, 2019

Copy link to clipboard

Copied

It is not possible to execute a query like that. Or any other ColdFusion tag for that matter.

That is because ColdFusion first has to compile the tag code. ColdFusion cannot do that if the tag comes hidden in a string.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Nov 06, 2019 Nov 06, 2019

Copy link to clipboard

Copied

Well, technically: if you want, you can write the content including the tags in a file and use cfinclude to execute the file.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 06, 2019 Nov 06, 2019

Copy link to clipboard

Copied

True, Bardnet. Using cfinclude to include the content as a cfm or cfml file is one way to get ColdFusion to compile it. You can also use the cfcompile utility to compile the content of an entire directory.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 06, 2019 Nov 06, 2019

Copy link to clipboard

Copied

Two remarks. Firstly, I should perhaps have started by asking why you wish to store the entire query tag in the database. Doing so creates a big risk. Anyone who managed to have access to your database could add malicious ColdFusion code.

 

What developers usually do is store parts of a query in the database. For example, a part of the SQL string. 

 

Secondly, and also on security, your where-clause is unsafe. Use instead (assuming the Id is an integer)

 

 

 

 

where cust_id = <cfqueryparam value="#url.cust_id#" cfsqltype="cf_sql_integer">

 

 

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 07, 2019 Nov 07, 2019

Copy link to clipboard

Copied

Thanks, I appreciate the advice. Actually what I want to do is store an entire pre-defined pdf document in the database. But the document would need to have query's in it to creat fresh data each time it is retrieved. I would retrieve the entire code and send it to a pdf output format. Does that make sense?  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 07, 2019 Nov 07, 2019

Copy link to clipboard

Copied

LATEST

Hi Polarbear199, given that the document is stored as static data in the database, I don't understand how you are going to handle the dynamic variables such as session.dsn and url.cust_id.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation