cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Issue adding a variable with list of values into SQL

ACS LLC
Enthusiast ,
Sep 21, 2011 Sep 21, 2011

Does anybody have any idea why this works -->

SELECT DISTINCT(countryLong) AS CountryLong
FROM ipcountry
WHERE countryShort IN ('US','UK')
ORDER BY countryLong

But this does not work -->

<CFSET target_country = "'US','UK'">

SELECT DISTINCT(countryLong) AS CountryLong
FROM ipcountry
WHERE countryShort IN (#target_country#)
ORDER BY countryLong

When I run with the list as a variable I get an error, Invalid Syntax near 'US'

(CF8 - MS SQL2005)

Thanks

Mark

TOPICS
Database access
757
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

-__cfSearching__-
Valorous Hero , Sep 21, 2011 Sep 21, 2011

I actually posted an example via email. But as usual the forum at my response. Strangely, it worked a few days ago. At least once anyway.  Must have been a fluke.  Anyway here is what response should have looked like:

But if you use cfqueryparam instead, you do not have to worry about quoting the values

<cfset yourList = "US,UK">

  ...

WHERE countryShort IN ( <cfqueryparam value="#yourList#" list="true" cfsqltype="cf_sql_varchar"> )

Translate
replies 4 Replies 4
latest latest Jump to latest reply
-__cfSearching__-
Valorous Hero ,
Sep 21, 2011 Sep 21, 2011

CF automatically escapes single quotes within variables as a defense against sql injection. So the single quotes end up being doubled causing a syntax error

 ie

WHERE countryShort IN (''US'',''UK'')

 

But if you use cfqueryparam instead, you do not have to worry about quoting the values

    )

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
ACS LLC
Enthusiast ,
Sep 21, 2011 Sep 21, 2011
In Response To -__cfSearching__-

I've used CFqueryparam a few times a long time ago, but never in SQL, how would that actually look?

Thanks

Mark

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
Sep 21, 2011 Sep 21, 2011
In Response To ACS LLC

I actually posted an example via email. But as usual the forum at my response. Strangely, it worked a few days ago. At least once anyway.  Must have been a fluke.  Anyway here is what response should have looked like:

But if you use cfqueryparam instead, you do not have to worry about quoting the values

<cfset yourList = "US,UK">

  ...

WHERE countryShort IN ( <cfqueryparam value="#yourList#" list="true" cfsqltype="cf_sql_varchar"> )

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
ACS LLC
Enthusiast ,
Sep 21, 2011 Sep 21, 2011
LATEST
In Response To -__cfSearching__-

ahhh. got it.. tried it... it worked .. wonderful... thanks for the help

Mark

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices