ColdFusion "OR" query allowing username or employee number for login - coldfusion

I have a log in page where I am trying to query the database and let the user login by either there employee_number or by there user_name using coldfusion to do so. Is it possible to add the OR employee_number in order to do so? If I remove the OR part it works with just the user name but I am trying to figure out how to let the user use either there user name or employee number. Then no matter which one they enter have the session go by the employee number. Like this <cfset session.employee_number = userVerify.employee_number />
<!--- Get all records from the database that match this users credentials --->
<cfquery name="userVerify" datasource="test">
SELECT *
FROM dbo.Users
WHERE user_name = '#user_name#'
AND user_pass = '#user_pass#'
OR employee_number = '#employee_number#'
AND user_pass = '#user_pass#'
</cfquery>
<cfif userVerify.RecordCount>
<!--- This user has logged in correctly, change the value of the session.allowin value --->
<cfset session.allowin = "True" />
<cfset session.employee_number = userVerify.employee_number />
<!--- Now welcome user and redirect to "index.html" --->
<script>
alert("Welcome <cfoutput>#user_name#</cfoutput>, you have been successfully logged in!");
self.location="../empty_page.html";
</script>
<cfelse>
<!--- this user did not log in correctly, alert and redirect to the login page --->
<script>
alert("Your credentials could not be verified, please try again!");
self.location="Javascript:history.go(-1)";
</script>
</cfif>
PS I know not to use Select * this was just for testing purposes


EDIT: Removed variable employee_number that was in original question since it is not actually a variable being passed in.
<cfquery name="userVerify" datasource="test">
SELECT employee_number
FROM dbo.Users
WHERE user_pass = <cfqueryparam value="#user_pass#" cfsqltype="cf_sql_varchar" />
AND (
user_name = <cfqueryparam value="#user_name#" cfsqltype="cf_sql_varchar" />
OR
employee_number = <cfqueryparam value="#user_name#" cfsqltype="cf_sql_varchar" />
)
</cfquery>


Put brackets around the OR to indicate the precedence:
<cfquery name="userVerify" datasource="test">
SELECT *
FROM dbo.Users
WHERE ( user_name = <cfqueryparam value="#user_name#" cfsqltype="CF_SQL_VARCHAR" />
OR employee_number = <cfqueryparam value="#employee_number#" cfsqltype="CF_SQL_VARCHAR" />
)
AND user_pass = <cfqueryparam value="#user_pass#" cfsqltype="CF_SQL_VARCHAR" />
</cfquery>
(Also, use parameterised queries or you are just asking for SQL injection issues).
Or, to prevent them entering a valid name and invalid id combination (or vice versa) you could do:
<cfquery name="userVerify" datasource="test">
SELECT *
FROM dbo.Users
WHERE ( ( user_name = <cfqueryparam value="#user_name#" cfsqltype="CF_SQL_VARCHAR" null = YesNoFormat( user_name IS "" ) />
AND ( employee_number = <cfqueryparam value="#employee_number#" cfsqltype="CF_SQL_VARCHAR" null = YesNoFormat( employee_number IS "" ) />
OR <cfqueryparam value="#employee_number#" cfsqltype="CF_SQL_VARCHAR" null = YesNoFormat( employee_number IS "" ) /> IS NULL
)
)
OR ( <cfqueryparam value="#user_name#" cfsqltype="CF_SQL_VARCHAR" null = YesNoFormat( user_name IS "" ) /> IS NULL
AND employee_number = <cfqueryparam value="#employee_number#" cfsqltype="CF_SQL_VARCHAR" null = YesNoFormat( employee_number IS "" ) />
)
)
AND user_pass = <cfqueryparam value="#user_pass#" cfsqltype="CF_SQL_VARCHAR" />
</cfquery>


Try this to get the loggedin user or employee details
<cfquery name="userVerify" datasource="test">
SELECT *
FROM dbo.Users
WHERE user_pass = <cfqueryparam value="#user_pass#" cfsqltype="cf_sql_varchar" />
AND (
user_name = <cfqueryparam value="#user_name#" cfsqltype="cf_sql_varchar" />
OR
employee_number = <cfqueryparam value="#employee_number#" cfsqltype="cf_sql_varchar" />
)
</cfquery>

Related

How to handle accents characters in Spanish websites in Mura

The issue I am encountering is when a user is on the Spanish website, they are not able to see all results if their type the word incorrectly. Meaning, if their character does not have the accent above the character, the results will show blank.
For example, if the user types the word "Medico" without the accent on top of the "é", the search will return blank.
I am using a Mura, a CMS which the search is created. I was able to locate the function where it does search based on the user input. However, I am not able to clearly understand how the query is being implemented.
I am trying to modify the function so that it uses the collation, which I found an example on how to use on stackoverflow, which would handle the accents for Spanish or any other language(s).
I figure it should go after "where" and have a cfif statement where if it is the spanish site, to incorporate the collation.
<cfif #siteID# = "SpanishSite" />
//here would go the collation on keywords, titles, etc.
Note that the query is done in coldfusion:
<cffunction name="getPublicSearch" returntype="query" access="public" output="false">
<cfargument name="siteid" type="string" required="true">
<cfargument name="keywords" type="string" required="true">
<cfargument name="tag" type="string" required="true" default="">
<cfargument name="sectionID" type="string" required="true" default="">
<cfargument name="categoryID" type="string" required="true" default="">
<cfargument name="tagGroup" type="string" required="true" default="">
<cfset var rsPublicSearch = "">
<cfset var w = "">
<cfset var c = "">
<cfset var categoryListLen=listLen(arguments.categoryID)>
<cfquery attributeCollection="#variables.configBean.getReadOnlyQRYAttrs(name='rsPublicSearch',maxrows=1000)#">
<!--- Find direct matches with no releasedate --->
select tcontent.contentid,tcontent.contenthistid,tcontent.siteid,tcontent.title,tcontent.menutitle,tcontent.targetParams,tcontent.filename,tcontent.summary,tcontent.tags,
tcontent.restricted,tcontent.releaseDate,tcontent.type,tcontent.subType,
tcontent.restrictgroups,tcontent.target ,tcontent.displaystart,tcontent.displaystop,0 as Comments,
tcontent.credits, tcontent.remoteSource, tcontent.remoteSourceURL,
tcontent.remoteURL,tfiles.fileSize,tfiles.fileExt,tcontent.fileID,tcontent.audience,tcontent.keyPoints,
tcontentstats.rating,tcontentstats.totalVotes,tcontentstats.downVotes,tcontentstats.upVotes, 0 as kids,
tparent.type parentType,tcontent.nextn,tcontent.path,tcontent.orderno,tcontent.lastupdate, tcontent.created,
tcontent.created sortdate, 0 priority,tcontent.majorVersion, tcontent.minorVersion, tcontentstats.lockID, tcontentstats.lockType,
tcontent.expires,tfiles.filename as assocFilename, tcontentfilemetadata.altText as fileAltText,
CASE WHEN tcontent.title = <cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.keywords)#">
or tcontent.menuTitle = <cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.keywords)#"> THEN 0 ELSE 1 END AS superSort
from tcontent Left Join tfiles ON (tcontent.fileID=tfiles.fileID)
Left Join tcontent tparent on (tcontent.parentid=tparent.contentid
and tcontent.siteid=tparent.siteid
and tparent.active=1)
Left Join tcontentstats on (tcontent.contentid=tcontentstats.contentid
and tcontent.siteid=tcontentstats.siteid)
Left Join tcontentfilemetadata on (tcontent.fileid=tcontentfilemetadata.fileid
and tcontent.contenthistid=tcontentfilemetadata.contenthistid)
<cfif len(arguments.tag)>
Inner Join tcontenttags on (tcontent.contentHistID=tcontenttags.contentHistID)
</cfif>
where
(tcontent.Active = 1
AND tcontent.Approved = 1
AND tcontent.siteid = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.siteID#"/> )
AND
(
tcontent.Display = 2
AND
(
(tcontent.DisplayStart <= <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#">
AND (tcontent.DisplayStop >= <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#"> or tcontent.DisplayStop is null)
)
OR tparent.type='Calendar'
)
OR tcontent.Display = 1
)
AND
tcontent.type in ('Page','Folder','Calendar','File','Link','Gallery')
AND tcontent.releaseDate is null
<cfif len(arguments.sectionID)>
and tcontent.path like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#arguments.sectionID#%">
</cfif>
<cfif len(arguments.tag)>
and (
#renderTextParamColumn('tcontenttags.tag')# in (<cfqueryparam list="true" cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.tag)#"/> )
<cfif len(arguments.tagGroup) and arguments.tagGroup neq 'default'>
and #renderTextParamColumn('tcontenttags.taggroup')#=<cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.taggroup)#"/>
</cfif>
)
<cfelse>
<!---
<cfloop list="#trim(arguments.keywords)#" index="w" delimiters=" ">
and
(tcontent.Title like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.menuTitle like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.metaKeywords like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.summary like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.body like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">)
</cfloop>
--->
and
(#renderTextParamColumn('tcontent.Title')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.menuTitle')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.metaKeywords')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.summary')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or (
tcontent.type not in ('Link','File')
and #renderTextParamColumn('tcontent.body')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
)
or #renderTextParamColumn('tcontent.credits')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or tcontent.contenthistid in (
select distinct tcontent.contenthistid from tclassextenddata
inner join tcontent on (tclassextenddata.baseid=tcontent.contenthistid)
where tcontent.active=1
and tcontent.siteid=<cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.siteID#"/>
and #renderTextParamColumn('tclassextenddata.attributeValue')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
))
</cfif>
and tcontent.searchExclude=0
<cfif categoryListLen>
and tcontent.contentHistID in (
select tcontentcategoryassign.contentHistID from
tcontentcategoryassign
inner join tcontentcategories
ON (tcontentcategoryassign.categoryID=tcontentcategories.categoryID)
where (<cfloop from="1" to="#categoryListLen#" index="c">
tcontentcategories.path like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#listgetat(arguments.categoryID,c)#%"/>
<cfif c lt categoryListLen> or </cfif>
</cfloop>)
)
</cfif>
#renderMobileClause()#
union all
<!--- Find direct matches with releasedate --->
select tcontent.contentid,tcontent.contenthistid,tcontent.siteid,tcontent.title,tcontent.menutitle,tcontent.targetParams,tcontent.filename,tcontent.summary,tcontent.tags,
tcontent.restricted,tcontent.releaseDate,tcontent.type,tcontent.subType,
tcontent.restrictgroups,tcontent.target ,tcontent.displaystart,tcontent.displaystop,0 as Comments,
tcontent.credits, tcontent.remoteSource, tcontent.remoteSourceURL,
tcontent.remoteURL,tfiles.fileSize,tfiles.fileExt,tcontent.fileID,tcontent.audience,tcontent.keyPoints,
tcontentstats.rating,tcontentstats.totalVotes,tcontentstats.downVotes,tcontentstats.upVotes, 0 as kids,
tparent.type parentType,tcontent.nextn,tcontent.path,tcontent.orderno,tcontent.lastupdate, tcontent.created,
tcontent.releaseDate sortdate, 0 priority,tcontent.majorVersion, tcontent.minorVersion, tcontentstats.lockID, tcontentstats.lockType,
tcontent.expires,tfiles.filename as assocFilename, tcontentfilemetadata.altText as fileAltText,
CASE WHEN tcontent.title = <cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.keywords)#">
or tcontent.menuTitle = <cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.keywords)#"> THEN 0 ELSE 1 END AS superSort
from tcontent Left Join tfiles ON (tcontent.fileID=tfiles.fileID)
Left Join tcontent tparent on (tcontent.parentid=tparent.contentid
and tcontent.siteid=tparent.siteid
and tparent.active=1)
Left Join tcontentstats on (tcontent.contentid=tcontentstats.contentid
and tcontent.siteid=tcontentstats.siteid)
Left Join tcontentfilemetadata on (tcontent.fileid=tcontentfilemetadata.fileid
and tcontent.contenthistid=tcontentfilemetadata.contenthistid)
<cfif len(arguments.tag)>
Inner Join tcontenttags on (tcontent.contentHistID=tcontenttags.contentHistID)
</cfif>
where
(tcontent.Active = 1
AND tcontent.Approved = 1
AND tcontent.siteid = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.siteID#"/> )
AND
(
tcontent.Display = 2
AND
(
(tcontent.DisplayStart <= <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#">
AND (tcontent.DisplayStop >= <cfqueryparam cfsqltype="cf_sql_timestamp" value="#now()#"> or tcontent.DisplayStop is null)
)
OR tparent.type='Calendar'
)
OR tcontent.Display = 1
)
AND
tcontent.type in ('Page','Folder','Calendar','File','Link','Gallery')
AND tcontent.releaseDate is not null
<cfif len(arguments.sectionID)>
and tcontent.path like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#arguments.sectionID#%">
</cfif>
<cfif len(arguments.tag)>
and (
#renderTextParamColumn('tcontenttags.tag')# in (<cfqueryparam list="true" cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.tag)#"/> )
<cfif len(arguments.tagGroup) and arguments.tagGroup neq 'default'>
and #renderTextParamColumn('tcontenttags.taggroup')#=<cfqueryparam cfsqltype="cf_sql_varchar" value="#renderTextParamValue(arguments.taggroup)#"/>
</cfif>
)
<cfelse>
<!---
<cfloop list="#trim(arguments.keywords)#" index="w" delimiters=" ">
and
(tcontent.Title like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.menuTitle like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.metaKeywords like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.summary like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">
or tcontent.body like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#w#%">)
</cfloop>
--->
and
(#renderTextParamColumn('tcontent.Title')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.menuTitle')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.metaKeywords')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or #renderTextParamColumn('tcontent.summary')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or
(
tcontent.type not in ('Link','File')
and #renderTextParamColumn('tcontent.body')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
)
or #renderTextParamColumn('tcontent.credits')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
or tcontent.contenthistid in (
select distinct tcontent.contenthistid from tclassextenddata
inner join tcontent on (tclassextenddata.baseid=tcontent.contenthistid)
where tcontent.active=1
and tcontent.siteid=<cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.siteID#"/>
and #renderTextParamColumn('tclassextenddata.attributeValue')# like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#renderTextParamValue(arguments.keywords)#%">
))
</cfif>
and tcontent.searchExclude=0
<cfif categoryListLen>
and tcontent.contentHistID in (
select tcontentcategoryassign.contentHistID from
tcontentcategoryassign
inner join tcontentcategories
ON (tcontentcategoryassign.categoryID=tcontentcategories.categoryID)
where (<cfloop from="1" to="#categoryListLen#" index="c">
tcontentcategories.path like <cfqueryparam cfsqltype="cf_sql_varchar" value="%#listgetat(arguments.categoryID,c)#%"/>
<cfif c lt categoryListLen> or </cfif>
</cfloop>)
)
</cfif>
#renderMobileClause()#
ORDER BY supersort, priority, <cfif variables.configBean.getDBType() neq 'nuodb'>sortdate<cfelse>releasedate</cfif> desc
</cfquery>
<cfreturn rsPublicSearch />
My question is: Where should the collation go in the query above? Or is there a better approach than using collation in the query?
Or should I reach out to Mura and see if a new framework would need to be implemented to achieve what I am looking for?
Any help is appreciated

To expand on my comment.
const userInput = 'Médico';
const parsedInput = userInput.replace(/é/gmi, 'e').toLowerCase();
Then you take the that and store it in the database, so if the user searches for medico, Medico, MEDIcO, or any variant of that then it'll always be available to retrieve it from the database.
I can also write this in Spanish if it's easier for you to understand, but SO guidelines prefer English.
Here's a StackBlitz to kind of show you what I mean.

notify a user if there are no matching records found - coldfusion

How do you create something to notify a user if there are no matching records found with the queries you run?
I have a queries.cfm that I run like this:
<cfset result = {} />
<cftry>
<cfset date1 = CREATEODBCDATETIME(form.StartDate & '00:00:00')>
<cfset date2 = CREATEODBCDATETIME(form.EndDate & '23:59:59')>
<cfquery datasource="#application.dsn#" name="GetEmployeeInfo">
SELECT trans_location, date, associate
FROM cl_checklists
WHERE date >= <cfqueryparam value="#date1#" cfsqltype="cf_sql_timestamp" />
AND date <= <cfqueryparam value="#date2#" cfsqltype="cf_sql_timestamp" />
AND trans_location IN ( <cfqueryparam value="#FORM.location#" cfsqltype="cf_sql_varchar" list="true" /> )
AND associate IN ( <cfqueryparam value="#FORM.EmployeeName#" cfsqltype="cf_sql_varchar" list="true" /> )
</cfquery>
<cfquery datasource="#application.dsn#" name="GetLocationInfo">
SELECT trans_location, date, associate
FROM cl_checklists
WHERE date >= <cfqueryparam value="#date1#" cfsqltype="cf_sql_timestamp" />
AND date <= <cfqueryparam value="#date2#" cfsqltype="cf_sql_timestamp" />
AND trans_location IN ( <cfqueryparam value="#FORM.location#" cfsqltype="cf_sql_varchar" list="true" /> )
</cfquery>
<cffunction name="getop_id" access="public" returntype="string">
<cfargument name="associate" >
<cfquery name="spitOutop_id" datasource="#application.userinfo_dsn#">
SELECT assoc_name
FROM dbo.tco_associates
WHERE assoc_id= #arguments.associate#
</cfquery>
<cfreturn spitOutop_id.assoc_name >
</cffunction>
<cfquery name="allAssociatesQry" dbtype="query">
SELECT DISTINCT associate, COUNT(*) AS associateCount FROM GetEmployeeInfo GROUP BY associate ORDER BY associate
</cfquery>
<table border="1" id="Checklist_Stats">
<thead>
<th><strong>Associate Name</strong></th>
<th><strong>Location</strong></th>
<th><strong>Checklists Generated by Associate</strong></th>
<th><strong>Checklists Generated by Selected Location(s)</strong></th>
<th><strong>Associate Percentage of Location Total</strong></th>
</thead>
<tbody>
<!--- aggregate variables --->
<cfset aggrAssociateChecklist = 0>
<cfset aggrLocationChecklist = 0>
<cfloop query="allAssociatesQry">
<!--- get Associate's name --->
<cfset thisAssociateCode = trim(allAssociatesQry.associate)>
<cfset thisAssociateName = getop_id(thisAssociateCode) />
<!--- 1.1 get all trans_location code and total counts for the current Associate --->
<cfquery name="allLocCodeForAssociateQry" dbtype="query">
SELECT trans_location,count(trans_location) AS locCntr FROM GetEmployeeInfo WHERE associate='#thisAssociateCode#' GROUP BY trans_location ORDER BY trans_location
</cfquery>
<!--- 1.2 get the aggregate of checklist count generated by the current Associate for each location --->
<cfquery name="qTotalChecklistCountForAssociate" dbtype="query">
SELECT SUM(locCntr) AS totalAssocChecklist FROM allLocCodeForAssociateQry
</cfquery>
<!--- 2.1 get the total location checklist for each location available for the current Associate --->
<cfquery name="allLocChecklistForAssociateQry" dbtype="query">
SELECT trans_location,count(trans_location) AS totalLocCount FROM GetLocationInfo WHERE trans_location IN (#QuotedValueList(allLocCodeForAssociateQry.trans_location)#) GROUP BY trans_location ORDER BY trans_location
</cfquery>
<!--- 2.2 get the aggregate of location checklist generated by the current Associate --->
<cfquery name="qTotalLocChecklistForAssociate" dbtype="query">
SELECT SUM(totalLocCount) AS totalLocChecklist FROM allLocChecklistForAssociateQry
</cfquery>
<!--- display record for the current Associate --->
<cfoutput query="allLocCodeForAssociateQry">
<tr>
<!---<td><strong>#thisAssociateCode#</strong></td>--->
<td><strong>#thisAssociateName#</strong></td>
<td>#allLocCodeForAssociateQry.trans_location#</td>
<td>#allLocCodeForAssociateQry.locCntr#</td>
<td>#allLocChecklistForAssociateQry['totalLocCount'][CurrentRow]#</td>
<td>#NumberFormat((allLocCodeForAssociateQry.locCntr/allLocChecklistForAssociateQry['totalLocCount'][CurrentRow]) * 100, '9.99')#%</td>
</tr>
<cfset thisAssociateName = "" />
</cfoutput>
<!--- 3.1 get sub total for each Associate group --->
<cfset totalAssocChecklist = qTotalChecklistCountForAssociate.totalAssocChecklist>
<cfset totalLocChecklist = qTotalLocChecklistForAssociate.totalLocChecklist>
<!--- 3.2 add to the aggregate --->
<cfset aggrAssociateChecklist += totalAssocChecklist>
<cfset aggrLocationChecklist += totalLocChecklist>
<!--- display sub total for each Associate group --->
<cfoutput>
<tr>
<td>Associate Total</td>
<td></td>
<td>#totalAssocChecklist#</td>
<td>#totalLocChecklist#</td>
<td>#NumberFormat((totalAssocChecklist/totalLocChecklist) * 100, '9.99')#%</td>
</tr>
</cfoutput>
</cfloop>
<!--- display calculated aggregate at the end of the result --->
<!--- <cfoutput>
<tr>
<td><strong>Total</strong></td>
<td></td>
<td>#aggrAssociateChecklist#</td>
<td>#aggrLocationChecklist#</td>
<td>#NumberFormat((aggrAssociateChecklist/aggrLocationChecklist) * 100, '9.99')#%</td>
</tr>
</cfoutput>--->
</tbody>
</table>
<cfcatch type="any">
<cfset result.error = CFCATCH.message >
<cfset result.detail = CFCATCH.detail >
</cfcatch>
</cftry>
But I am trying to notify the user when no results come back based on there search.
I was trying to do a catch for the results if there 0 do something but have been unsuccessful. Would any Cold Fusion gurus like to assist me in how you alert your users when there query came back empty.
I tried:
<cfif #allAssociatesQry# is 0>
<cfif #allAssociatesQry# is null>
<cfif #allAssociatesQry# is "">
<cfif allAssociatesQry is 0>
<cfif allAssociatesQry is null>
<cfif allAssociatesQry is "">

Don't use try/catch. That's for code that doesn't run successfully. All you need is this:
<cfquery name="q">
sql
</cfquery>
<cfif q.recordcount is 0>
code for no records
<cfelse>
display records
</cfif>

ISSUE with ColdFusion TRANSACTION and Data Concurrency

I am creating and assigning a value in a variable at the top of the function. But somehow the value gets replaced with other user's table record. This happened when two users doing transaction at same time with different records. Also it is happening only once in a while.
I have mentioned the issue in comments in below code.
<cffunction name="functionname" output="true">
<cfargument name="formData">
<cftransaction action="begin">
<cftry>
<cfquery name="getDoc_no" datasource="#variables.dsn#">
SELECT CONCAT(TO_CHAR(SYSDATE,'YYYY'),WORK_REQ_SEQ.NEXTVAL) as NEXT_NO FROM DUAL
</cfquery>
<cfset doc_no_seq=getDoc_no.NEXT_NO> <!---creating variable doc_no_seq --->
<cfquery name="getWo_no" datasource="#variables.dsn#">
SELECT WORK_ORDER_SEQ.nextval as NEXT_NO FROM DUAL
</cfquery>
<cfset Trns_seq=getWo_no.NEXT_NO> <!--- creating variable Trns_seq --->
<cfquery name="insert1" datasource="#variables.dsn#">
INSERT into WORK_ORDER
(
DOC_NO,
TRANS_ID
)
Values
(
<cfqueryparam value="#doc_no_seq#" cfsqltype="cf_sql_integer">, <!--- Inserted CORRECT doc_no_seq value --->
<cfqueryparam value="#Trns_seq#" cfsqltype="cf_sql_integer"> <!--- Inserted CORRECT Trns_seq value --->
)
</cfquery>
<cfif isdefined("IdnoRes") and IdnoRes gt 0>
<cfloop from="1" to="#IdnoRes#" index="q">
<cfif trim(Evaluate("rsc_grp_id_#q#")) is not "" and trim(Evaluate("qty_#q#")) is not "">
<cfquery name="insert2" datasource="#variables.dsn#">
INSERT into REQ_RESOURCE_DTLS
(
DOC_NO ,
TRANS_ID
)
Values
(
<cfqueryparam value="#doc_no_seq#" cfsqltype="cf_sql_integer">, <!--- Inserted WRONG doc_no_seq value --->
<cfqueryparam value="#Trns_seq#" cfsqltype="cf_sql_integer"> <!--- Inserted WRONG Trns_seq value --->
)
</cfquery>
</cfif>
</cfloop>
</cfif>
<cfif isdefined("Idnojob") and Idnojob gt 0>
<cfloop from="1" to="#Idnojob#" index="q">
<cfif trim(Evaluate("frm_des_#q#")) is not "" and trim(Evaluate("to_des_#q#")) is not "">
<cfquery name="insert3" datasource="#variables.dsn#">
INSERT into JOB_SEQ_DTLS
(
DOC_NO ,
TRANS_ID
)
Values
(
<cfqueryparam value="#doc_no_seq#" cfsqltype="cf_sql_integer">, <!--- Inserted WRONG doc_no_seq value --->
<cfqueryparam value="#Trns_seq#" cfsqltype="cf_sql_integer"> <!--- Inserted WRONG Trns_seq value --->
)
</cfquery>
</cfif>
</cfloop>
</cfif>
<cftransaction action="commit" />
<cfcatch type="any">
<cftransaction action="rollback" />
</cfcatch>
</cftry>
</cftransaction>
<cfreturn 1>

Database entry cfqueryparam dynamic session variable value

How do you create a cfqueryparam for a dynamic variable? How do I write the value for something like this..
Dynamic Session Variables:
<cfset session.checkout.info["firstname_#Add#"]=form["firstname_#Add#"]>
<cfset session.checkout.info["middlename_#Add#"]=form["middlename_#Add#"]>
<cfset session.checkout.info["lastname_#Add#"]=form["lastname_#Add#"]>
Database Entry:
<cfquery datasource="Titlesbymail" name="InsertEntry">
INSERT INTO owner (firstname, middlename, lastname)
VALUES (<cfqueryparam value="#session.checkout.info.firstname#" cfsqltype="CF_SQL_VARCHAR">
<cfqueryparam value="#session.checkout.info.middlename#" cfsqltype="CF_SQL_VARCHAR">,
<cfqueryparam value="#session.checkout.info.lastname#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>

I believe you just do it like this :
<cfloop index="Add" from="1" to="#session.checkout.quantity.pcount#" step="1">
<cfif structKeyExists(session, "checkout")>
<cfquery datasource="Titlesbymail" name="InsertEntry">
INSERT INTO owner (firstname, middlename, lastname)
VALUES (
<cfqueryparam value='#form["firstname_#Add#"]#' cfsqltype='cf_sql_varchar' />
, <cfqueryparam value='#form["middlename_#Add#"]#' cfsqltype='cf_sql_varchar' />
, <cfqueryparam value='#form["lastname_#Add#"]#' cfsqltype='cf_sql_varchar' />
</cfquery>
</cfif>
</cfloop>

cfquery param on query containing if statment

How do you use cfqueryparam on this line of code?
SET mailing_list = <CFIF IsDefined("FORM.mailing_list")>#FORM.mailing_list#<CFELSE>0</CFIF>

Like this:
SET mailing_list = <CFIF IsDefined("FORM.mailing_list")>
<cfqueryparam value="#FORM.mailing_list#" cfsqltype="cf_sql_integer" />
<CFELSE>
0
</CFIF>
On recent CFML engines, you can use the ternary conditional operator:
SET mailing_list = <cfqueryparam value="#IsDefined("FORM.mailing_list") ? FORM.mailing_list : 0#" cfsqltype="cf_sql_integer" />
(Though that is arguably less readable here.)
Best way is most likely to param it above your query and avoid any if altogether...
<cfparam name="Form.mailing_list" default="0" />
...
SET mailing_list = <cfqueryparam value="#FORM.mailing_list#" cfsqltype="cf_sql_integer" />

you would just use two separate cfqueryparam's
SET mailing_list =
<cfif StructKeyExists(form,'mailing_lis't)>
<cfqueryparam cfsqltype="cf_sql_varchar" value "#FORM.mailing_list#" />
<cfelse>
0
</cfif>

I generally use IIF for short IF statements:
SET mailing_list = <cfqueryparam value="#iif(IsDefined("form.mailing_list"), form.mailing_list, 0)#" cfsqltype="cf_sql_integer" />
Otherwise I prefer the "long and clean" way:
<CFIF IsDefined("FORM.mailing_list")>
SET mailing_list = <cfqueryparam value="#FORM.mailing_list#" cfsqltype="cf_sql_integer" />
<CFELSE>
SET mailing_list = <cfqueryparam value="0" cfsqltype="cf_sql_integer" />
</CFIF>