I want to retrieve data that is store in a database. I will use the #evaluate(string)# function to execute the coldfusion code in the data that is returned. It works fine for simple variable but hangs up when I try to execute a stored query. Any ideas?
Database: Table: Cell: "<cfquery datasource="#session.dsn#" name="getcust">
select * from customer where cust_id = #url.cust_id#
I query the database for that cell and it will not evaluate the query. Is this possible?
It is not possible to execute a query like that. Or any other ColdFusion tag for that matter.
That is because ColdFusion first has to compile the tag code. ColdFusion cannot do that if the tag comes hidden in a string.
Well, technically: if you want, you can write the content including the tags in a file and use cfinclude to execute the file.
Two remarks. Firstly, I should perhaps have started by asking why you wish to store the entire query tag in the database. Doing so creates a big risk. Anyone who managed to have access to your database could add malicious ColdFusion code.
What developers usually do is store parts of a query in the database. For example, a part of the SQL string.
Secondly, and also on security, your where-clause is unsafe. Use instead (assuming the Id is an integer)
where cust_id = <cfqueryparam value="#url.cust_id#" cfsqltype="cf_sql_integer">
Thanks, I appreciate the advice. Actually what I want to do is store an entire pre-defined pdf document in the database. But the document would need to have query's in it to creat fresh data each time it is retrieved. I would retrieve the entire code and send it to a pdf output format. Does that make sense?