What is the correct way to use sql query in coldfusion function
I have this code that will pass a variable to a function and insert it, but I'm getting an error:
<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="struct">
<cfargument name="name" type="string" required="true" />
<cfargument name="email" type="string" required="false" default="" />
<cfargument name="office_phone" type="string" required="false" default="" />
<cfargument name="mobile_phone" type="string" required="false" default="" />
<cfargument name="designation" type="string" required="false" default="" />
<cfset var res = '' />
<cfquery datasource="#session.dsn_aset#" result="res">
INSERT INTO `supplier_personnel_incharge` (
`name`,
`email`,
`office_phone`,
`mobile_phone`,
`designation`
)
VALUES
(
cfargument.name,
cfargument.email,
cfargument.office_phone,
cfargument.mobile_phone,
cfargument.designation
) ;
</cfquery>
<cfreturn res />
</cffunction>
<cfset res = insertSupplierPersonnel(name='#form.personnel_name#', email='#form.personnel_email#', office_phone='#form.personnel_office_phone#', mobile_phone='#form.personnel_mobile_phone#', designation='#form.personnel_designation#') />
<cfdump var="#res#">
I'm getting this error: There's a problem with cfargument.name. What is the correct way to use cfargument for an insert query? Thanks in advance.
mysql function coldfusion sql-insert coldfusion-2016
asked Nov 24 '18 at 19:31 by sg552
either put # around or cfqueryparam – Bernhard Döbler, Nov 24 '18 at 21:36
You run a serious risk of opening yourself up to SQL injection if you don't use cfqueryparam. – Seanvm, Nov 25 '18 at 2:01
1 Answer
First, the correct scope is arguments, not cfargument. So, change this sort of thing:
cfargument.name,
to this:
arguments.name,
Next, you have to surround your variable names with pound signs to get the value of the variable, i.e. #arguments.name#.
Next, use query parameters, i.e. <cfqueryparam value="#arguments.name#">. Among other things, they will escape special characters used in the SQL query syntax.
answered Nov 24 '18 at 21:27 by Dan Bracuk; edited Nov 25 '18 at 0:13 by Alex
I would also recommend at least some basic error checking or sanitation before you insert the form values into your function. Or even just a simple trim() around the values to keep leading or trailing spaces out of your data. – Shawn, Nov 25 '18 at 17:28
Yep. @sg552 - Note, though cfsqltype was omitted for brevity, always specify one to avoid unexpected results in some cases. – Ageax, Nov 26 '18 at 19:26
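Putting the answer's three fixes together (the arguments scope, pound signs, and cfqueryparam) with the cfsqltype and trim() that the comments ask for, here is a rewritten version of the question's function as an added example; it is not code from the original post, and the cfsqltype choices and maxlength limits are assumptions about the table's column definitions.

```cfml
<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="struct">
    <cfargument name="name" type="string" required="true" />
    <cfargument name="email" type="string" required="false" default="" />
    <cfargument name="office_phone" type="string" required="false" default="" />
    <cfargument name="mobile_phone" type="string" required="false" default="" />
    <cfargument name="designation" type="string" required="false" default="" />

    <!--- var-scope the result struct so it stays local to this call --->
    <cfset var res = {} />

    <!--- Each value is read from the arguments scope inside pound signs and bound
          through cfqueryparam, so the driver sends it as a bind parameter rather
          than as SQL text. cfsqltype makes the driver enforce the column type;
          trim() drops stray leading/trailing whitespace from form input.
          Assumed column widths are given via maxlength (not from the post). --->
    <cfquery datasource="#session.dsn_aset#" result="res">
        INSERT INTO `supplier_personnel_incharge`
            (`name`, `email`, `office_phone`, `mobile_phone`, `designation`)
        VALUES (
            <cfqueryparam value="#trim(arguments.name)#"         cfsqltype="cf_sql_varchar" maxlength="100" />,
            <cfqueryparam value="#trim(arguments.email)#"        cfsqltype="cf_sql_varchar" maxlength="255" />,
            <cfqueryparam value="#trim(arguments.office_phone)#" cfsqltype="cf_sql_varchar" maxlength="30" />,
            <cfqueryparam value="#trim(arguments.mobile_phone)#" cfsqltype="cf_sql_varchar" maxlength="30" />,
            <cfqueryparam value="#trim(arguments.designation)#"  cfsqltype="cf_sql_varchar" maxlength="100" />
        )
    </cfquery>

    <cfreturn res />
</cffunction>

<!--- Caller: plain variable references are enough for named arguments;
      the pound signs are only needed inside the query text above. --->
<cfset res = insertSupplierPersonnel(
    name = form.personnel_name,
    email = form.personnel_email,
    office_phone = form.personnel_office_phone,
    mobile_phone = form.personnel_mobile_phone,
    designation = form.personnel_designation
) />
<cfdump var="#res#">
```

With the result attribute on cfquery, res carries the executed SQL and the parameter values separately, which is a quick way to confirm in the dump that the form input was bound rather than concatenated.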