cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Inputing Data into MYSQL - Am I doing this right?

WhoAmIEditor
New Here ,
Oct 12, 2010 Oct 12, 2010

So I built a website a few years ago when I was first learning coldfusion, I allowed users to register, it has worked fine for my needs but I am getting ready to build another site and am wondering if my Data Insert into MYSQL is correct for the times...

Here is my code for my current solution, I guess my main question is, after a user clicks "Submit" is this the best way to insert data into my database?

<cfquery name="peopleregister" datasource="sitedata">
     INSERT INTO users (registrationdate, namefirst, namelast, fullname, UserPassword, email, streetaddress, addressline2, city, state, zipcode, country, phonenumber)

     VALUES (#CreateODBCDateTime(Now())#, '#REReplace(titleCase(Trim(Form.namefirst)), "[^0-9a-zA-Z_]", "", "ALL")#', '#REReplace(titleCase(Trim(Form.namelast)), "[^0-9a-zA-Z_]", "", "ALL")#', '#REReplace(titleCase(Trim(Form.namefirst)), "[^0-9a-zA-Z_]", "", "ALL")# #REReplace(titleCase(Trim(Form.namelast)), "[^0-9a-zA-Z_]", "", "ALL")#','#Form.UserPassword#', '#LCase(Trim(Form.email))#', '#Form.streetaddress#', '#Form.addressline2#', '#Form.city#', '#REReplace(UCase(Form.state), "[^0-9a-zA-Z_]", "", "ALL")#', '#Form.zipcode#', '#Form.country#', '#Form.phonenumber#')
</cfquery>
1.7K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 8 Replies 8
latest latest Jump to latest reply
Dave Watts Community Expert
Community Expert ,
Oct 12, 2010 Oct 12, 2010

You need to wrap all input values (Form, URL, Cookie, CGI) with CFQUERYPARAM within your query. This is very important.

Also, there's no need to wrap Now() with CreateODBCDateTime(), since they both return the same format.

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on

GSA Schedule, and provides the highest caliber vendor-authorized

instruction at our training centers, online, or onsite.

Dave Watts, Eidolon LLC
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Oct 13, 2010 Oct 13, 2010

I have included Dave's cfqueryparam suggestion, and have assumed the paramaters are all varchars. Modify accordingly.

<!--- store the variables locally, so your SQL script wont be cluttered. If in a function, then 'var' these variables. --->
<cfset variables.namefirst = REReplace(titleCase(Trim(Form.namefirst)), "[^0-9a-zA-Z_]", "", "ALL")>
<cfset variables.namelast  = REReplace(titleCase(Trim(Form.namelast)), "[^0-9a-zA-Z_]", "", "ALL")>
<cfset variables.fullname  = REReplace(titleCase(Trim(Form.namefirst)), "[^0-9a-zA-Z_]", "", "ALL") & " " & REReplace(titleCase(Trim(Form.namelast)), "[^0-9a-zA-Z_]", "", "ALL")>
<cfset variables.email     = LCase(Trim(Form.email))>
<cfset variables.state     = REReplace(UCase(Form.state), "[^0-9a-zA-Z_]", "", "ALL")>

<!--- indent properly to save you time and hair-pulling during debugging --->
<cfquery name="peopleregister" datasource="sitedata">    
INSERT INTO users (
   registrationdate,
   namefirst,
   namelast,
   fullname,
   UserPassword,
   email,
   streetaddress,
   addressline2,
   city, state,
   zipcode,
   country,
   phonenumber
    )    
   str_to_date('#dateNow#','%m-%d-%Y %H:%i:%s'),
   <cfqueryparam value="#variables.namefirst#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#variables.namelast#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#variables.fullname#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.UserPassword#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#variables.email#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.streetaddress#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.addressline2#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.city#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#variables.state#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.zipcode#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.country#" cfsqltype = "cf_sql_varchar">,
   <cfqueryparam value="#form.phonenumber#" cfsqltype = "cf_sql_varchar">
</cfquery>

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dan_Bracuk
LEGEND ,
Oct 13, 2010 Oct 13, 2010
In Response To BKBK

Regarding str_to_date('#dateNow#','%m-%d-%Y %H:%i:%s'),

Seems a tad overengineered to me.  Doesn't mysql have a function that returns the current date and time?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Oct 13, 2010 Oct 13, 2010
In Response To Dan_Bracuk

I believe it's CURRENT_TIMESTAMP

So in MySQL you can run this:

     SELECT CURRENT_TIMESTAMP

Which would return the current timestamp.

Dave @ Oyova Software

http://www.oyova.com - Web Design and Development

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Oct 13, 2010 Oct 13, 2010
In Response To Dan_Bracuk

Dan Bracuk wrote:

Regarding str_to_date('#dateNow#','%m-%d-%Y %H:%i:%s'),

Seems a tad overengineered to me.  Doesn't mysql have a function that returns the current date and time?

MySQL does indeed have functions that return the current date/time. However, I would advise choosing a format in which to store the datetime, and sticking with it throughout. There can be confusion between formats when you move back and forth between Coldfusion and MySQL.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
WhoAmIEditor
New Here ,
Oct 13, 2010 Oct 13, 2010
In Response To BKBK

Got it.

So there isn't a 'more simple' way of creating a form submit data?

Currently it looks like this. None of the code is correct below but just the overall idea.

<cfif button is clicked>
        <cfquery send data to server
</cfif>
<cfform>
     All input boxes here
</cfform>

I guess I'm just wondering if doing the whole IF/THEN/ELSE way of inputing data is the correct way of doing most INSERT interactions with the database.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dan_Bracuk
LEGEND ,
Oct 13, 2010 Oct 13, 2010
LATEST
In Response To WhoAmIEditor

The way you describe is neither correct nor incorrect.  It's one of two methods that work equally well.

The other method is to submit the form to a different page with the appropriate code.

Going back to your original question, there is another way that incorporates the prevention of duplicate records.  The query would resemble

insert into atable

(field1, field2, etc)

select distinct

value1, value2, etc

from some_small_table

where you don't already have the record.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Oct 13, 2010 Oct 13, 2010
In Response To BKBK

addendum:

The code should have started as follows:

<!--- store the variables locally, so your SQL script wont be  cluttered. If in a function, then 'var' these variables. --->

<cfset variables.dateNow = dateformat(now(), "mm-dd-yyyy") & " " & timeformat(now(),"HH:MM:SS")>

and the line  str_to_date('#dateNow#','%m-%d-%Y %H:%i:%s')

should have been

str_to_date('#variables.dateNow#','%m-%d-%Y %H:%i:%s'),

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices