CFloop query to store multiple values in database - coldfusion

I have few variables that contain multiple values. Basically I want to store all the values into my database. I am using this code which I got here in Stackoverflow.
<cfquery datasource="databaseName">
INSERT INTO spreadsheet
([Local.Time.Stamp],
[Energy.Delivered..kVAh.],
[Energy.Received..kVAh.],
[Energy.Received..kVARh.],
[Energy.Delivered..kVARh.],
[Real.A..kW.],
[Real.B..kW.])
VALUES
(<cfloop query="excelquery">
'#excelquery.col_1#',
'#excelquery.col_2#',
'#excelquery.col_3#',
'#excelquery.col_4#',
'#excelquery.col_5#',
'#excelquery.col_6#',
'#excelquery.col_7#'
</cfloop>)
</cfquery>
However I always get a syntax error. I believe that my cfloop part is wrong, can someone please tell me the correct way for me to write that cfloop?

The problem is with the generated query not cfloop i.e., for entering multiple values the format should be like this:
INSERT INTO TableName (col,col,...) VALUES (val,val,...),(val,val,...),...
Also, use cfqueryparam to avoid sql injection.
You can try this:
<cfquery datasource="databaseName">
INSERT INTO spreadsheet
([Local.Time.Stamp],
[Energy.Delivered..kVAh.],
[Energy.Received..kVAh.],
[Energy.Received..kVARh.],
[Energy.Delivered..kVARh.],
[Real.A..kW.],
[Real.B..kW.])
VALUES
<cfloop query="excelquery">
<!--- cf_sql_varchar is just an example. --->
(<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_1#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_2#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_3#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_4#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_5#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_6#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#excelquery.col_7#">)
#excelQuery.currentRow NEQ excelQuery.recordCount ? ',': ''#
</cfloop>
</cfquery>
You might have to add a recordCount check before generating the query to avoid errors for no records.

Related

insert into table by looping over structure

I am trying to insert into the code but it is inserting value in every row, rather than question value in question and answer value in answer:
<cfset StructDelete(structform,'title')>
<cfset StructDelete(structform,'mode')>
<cfset StructDelete(structform,'formsubmission')>
<cfset StructDelete(structform,'file_upload')>
<cfset StructDelete(structform,'czContainer_czMore_txtCount')>
<CFSET StructDelete(structform,'action')>
<CFLOOP collection="#structform#" index="whichPair">
<cfset Questions = "question" & structform[whichPair]>
<cfset answer = "answer" & structform[whichpair]>
<cfquery name="insertData" datasource="aas">
insert into faqsquestions(question,answer,createdon,faqID)
values(<cfqueryparam cfsqltype="cf_sql_varchar" value="#Right(questions, Len(questions)-8)#">,
<cfqueryparam cfsqltype="cf_sql_longvarchar" value="#Right(answer, Len(answer)-8)#">,
<cfqueryparam cfsqltype="cf_sql_date" value="#CreateODBCDate(now())#">,
<cfqueryparam cfsqltype="cf_sql_integer" value="#getLastID#">)
</cfquery>
</CFLOOP>
can anyone tell what i am doing wrong here, i know i am using question as a static value just inside the loop as cfset and doing a right to remove that question variable which makes no sense but i will remove it when i am finished fixing my code
questions and answers are like this:
http://prntscr.com/lntu2l
That's the wrong type of loop for what you're trying to do. The reason is a structure loop iterates once - for each field. When what you want is to loop once - for each pair of fields.
A simple option is add a hidden field to your form, containing the total number of pairs.
<input type="hidden" name="NumberOfQuestions" value="#TheTotalNumberHere#">
Then use the total number with a from and to loop. On each iteration, extract the current value of the question and answer fields, and use them in your query:
<cfloop from="1" to="#FORM.NumberOfQuestions#" index="pairNum">
<cfset question = FORM["question"& pairNum]>
<cfset answer = FORM["answer"& pairNum]>
<cfquery ...>
INSERT INTO faqsQuestions(question,answer,createdon,faqID)
VALUES (
<cfqueryparam cfsqltype="cf_sql_varchar" value="#question#">
, <cfqueryparam cfsqltype="cf_sql_longvarchar" value="#answer#">
, <cfqueryparam cfsqltype="cf_sql_date" value="#now()#">
, <cfqueryparam cfsqltype="cf_sql_integer" value="#getLastID#">
)
</cfquery>
</cfloop>

Loop over the cfquery tag values

I have the following query where I loop over a list of values but I am getting an error at the last comma:
<cfquery datasource="#application.dsn#">
INSERT INTO #session.tablename# ( #lFields# )
VALUES (
<cfloop list="#lFields#" index="kk">
<cfqueryparam value="#TRIM(sVideoGame['#kk#'])#" cfsqltype="cf_sql_varchar" null="#NOT LEN(TRIM(sVideoGame['#kk#']))#" />,
</cfloop>
)
</cfquery>
Problem occurs with the last comma. I tried setting up a counter before the cfloop, setting it 0 and incrementing to 1 inside the cfloop. However, I am not sure how to remove the last comma based upon some condition check.
In order to keep track of the position, you will need a from/to loop instead of a list loop. Then add a comma after you pass the first query parameter.
For ColdFusion 2016+ it can be done using the "item" and "index" attributes:
...
<cfloop list="#yourListVariable#" item="keyName" index="position">
<!--- if we've passed the first parameter, add a comma --->
<cfif position gt 1>,</cfif>
<cfqueryparam value="#TRIM(sVideoGame[ keyName ])#"
cfsqltype="cf_sql_varchar"
null="#NOT LEN(sVideoGame[keyName])#" />
</cfloop>
...
CF11 and earlier require a little more work. To simplify the code, I would recommend converting the list to an array:
<cfset keyArray = listToArray(yourListVariable)>
...
<cfloop from="1" to="#arrayLen(keyArray)#" index="position">
<!--- if we've passed the first parameter, add a comma --->
<cfif position gt 1>,</cfif>
<cfqueryparam value="#TRIM(sVideoGame[ keyArray[position] ])#"
cfsqltype="cf_sql_varchar"
null="#NOT LEN(sVideoGame[ keyArray[position] ])#" />
</cfloop>
...
Side note, I noticed the query uses dynamic table and column names. Be sure those values are NOT user supplied, or the query is vulnerable to sql injection.
If your only question is how to deal with the last comma, then you can do it with
<cfset listCount = 1>
<cfloop list="#lFields#" index="kk">
<cfqueryparam value="#TRIM(sVideoGame['#kk#'])#"
cfsqltype="cf_sql_varchar" null="#NOT LEN(TRIM(sVideoGame['#kk#']))#" />
<cfif listLen(lFields) is not listCount>,</cfif>
<cfset listCount = listCount+1>
</cfloop>

How to loop form values depending on form column name?

I have a form containing 6 check_num fields, 1 account number and an amount. I would like to insert those values into a database table:
<cfquery datasource="test" name="test">
insert into test (ACCOUNT_NUMBER,check_num,amount)
values ('#ACCOUNT_NUMBER#','#check_num#','#amount#')
</cfquery>
However, I don't want to insert all of the values into 1 row. If any of the check_num fields contain a number, I want to insert that value, along with with the acccount_number and amount values.
For example with the data below, I would like to insert 5 rows. The field "check_num6" would be skipped because it is empty.
ACCOUNT_NUMBER 123456789
CHECK_NUM1 56623
CHECK_NUM2 5512
CHECK_NUM3 6562
CHECK_NUM4 653
CHECK_NUM5 6623
CHECK_NUM6
AMOUNT 32.31
FIELDNAMES ACCOUNT_NUMBER,CHECK_NUM1,CHECK_NUM2,CHECK_NUM3,CHECK_NUM4,CHECK_NUM5,CHECK_NUM6,AMOUNT,SUBMIT
SUBMIT Submit
Not perfect but you can start/get some inspiration from here:
<cfloop list="#StructKeyList(form)#" index="i">
<cfif (left('#i#', 9) is "CHECK_NUM") and (trim(form['#i#']) is not "")>
<cfquery datasource="test" name="test">
insert into test (ACCOUNT_NUMBER,check_num,amount)
values ('#ACCOUNT_NUMBER#','#form['#i#']#','#amount#')
</cfquery>
</cfif>
</cfloop>
Also you should validate, see if your DB supports multiple inserts, change your query to use cfqueryparam, research about it. So, a better cfquery code would be:
<cfquery datasource="test" name="test">
insert into test (
ACCOUNT_NUMBER,
check_num,
amount
)
values (
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.ACCOUNT_NUMBER#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form['#i#']#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.amount#">
)
</cfquery>

Cannot create members with special character surname

I am working on a software where I cannot create a new member (ie person) with special characters in the surname. For example, the surname cannot be "O'Connor", because it contains a special character. But that type of surname can be added in database directly.
I am using ColdFusion and PostgreSQL 9.3. It works by removing the "cleantrim" function before surname in coding, but it is a temporary solution. Can anyone help me how we can do it?
'#Call.tSurName#',
'#TrimCleanValue(Call.tFirstName)#',
'#TrimCleanValue(CAll.tMiddleName)#',
'#TrimCleanValue(Call.tPReferredName)#',
'#TrimCleanValue(Call.tScoutingName)#',
'#TrimCleanValue(Call.tPostNominal)#',
'#Call.tTitle#',
You should be using cfqueryparam for all database inserts. Especially something coming from the client. Not only does cfqueryparam help prevent SQL injection it also escapes quotes and can help make your queries faster.
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tSurName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tFirstName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tMiddleName">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tPReferredName">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tScoutingName">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tPostNominal">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tTitle">

What's wrong with my simple insert?

I'm using coldfusion to insert the contents of a struct (key-value pairs) into a database table. This is my code:
<cfloop collection="#results#" item="ID" >
<cfquery name="insertStuff" datasource="myDataSource">
INSERT INTO web..Stuff (ID, Name)
VALUES (#ID#, #results[ID]#)
</cfquery>
</cfloop>
This seems simple enough... but I'm getting the following error:
Incorrect syntax near 'VA'.
Any ideas?
You really ought to think about parameterising your data too.
<cfloop collection="#results#" item="ID" >
<cfquery name="insertStuff" datasource="myDataSource">
INSERT INTO web..Stuff (ID, Name)
VALUES (
<cfqueryparam cfsqltype="cf_sql_varchar" value="#ID#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#results[ID]#">)
</cfquery>
</cfloop>
I think I may have solved it... forgot the quotes, and they're both varchar fields :-/
<cfloop collection="#results#" item="ID" >
<cfquery name="insertStuff" datasource="myDataSource">
INSERT INTO web..Stuff (ID, Name)
VALUES ('#ID#', '#results[ID]#')
</cfquery>
</cfloop>