cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

SQL query and CFOUTPUT question

pkonshak
New Here ,
May 04, 2010 May 04, 2010

Hi,

I'm trying to compare two tables in a database.  I need to output a few fields from one table, compare one field between the two tables.  Users are selecting the tables.  I have written an SQL query which does what I need:

<cfquery name="getitems" datasource="snapshot">
select #endtable#.field9, #endtable#.field12, #endtable#.field4, #endtable#.field13, #endtable#.field2, #endtable#.field3, #starttable#.field3
from #endtable#, #starttable#
where #endtable#.field5='#form.field5#'
and #starttable#.field2=#endtable#.field2
</cfquery>

Problem is on output.  You can see I am selecting field3 from two tables.  I also want to output both field3 values.

<cfoutput query="getitems">

#field3#

</cfoutput>

This gives me the value which was selected as #endtable#.field3.

How can I output the other -- #starttable#.field3?

As noted, the table names are variables being passed into the query...  Thanks!

Peter

TOPICS
Advanced techniques
827
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

-__cfSearching__-
Valorous Hero , May 04, 2010 May 04, 2010

How can I output the other -- #starttable#.field3?

Use an alias to give the fields different names ie table.column AS SomeName. Otherwise, cfquery may not know which field you mean when you say "field3".

select #endtable#.field9, #endtable#.field12,

Be careful using this type of sql. Depending on the source of your variables, this can pose a sql injection risk.

Translate
replies 5 Replies 5
latest latest Jump to latest reply
-__cfSearching__-
Valorous Hero ,
May 04, 2010 May 04, 2010

How can I output the other -- #starttable#.field3?

Use an alias to give the fields different names ie table.column AS SomeName. Otherwise, cfquery may not know which field you mean when you say "field3".

select #endtable#.field9, #endtable#.field12,

Be careful using this type of sql. Depending on the source of your variables, this can pose a sql injection risk.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pkonshak
New Here ,
May 04, 2010 May 04, 2010
In Response To -__cfSearching__-

Thank you, that worked beautifully!  Another trick learned..

Also, thanks for the sql injection warning -- I am cleaning the input before passing it into the query.  Much appreciated!

Peter

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dan_Bracuk
LEGEND ,
May 04, 2010 May 04, 2010
In Response To pkonshak

Regarding:

I am cleaning the input before passing it into the query

Even this one?

'#form.field5#'

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pkonshak
New Here ,
May 05, 2010 May 05, 2010
In Response To Dan_Bracuk

Hi,

The #form.field5# comes via a select list....no user input of data.

I suppose it is still possible to be compromised.  I'll fix that.  Thanks!

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
May 05, 2010 May 05, 2010
LATEST
In Response To pkonshak

The #form.field5# comes via a select list....no user input

of data....

Someone could easily construct a fake http post, with malicious sql in the "form" fields, and submit it to your action page. That is why it is vulnerable.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices