I have some code that only does updates
<cfif tags NEQ "skip">
<cfquery>
UPDATE myTable
SET tags = <cfqueryparam cfsqltype="CF_SQL_varchar" value="#arguments.tags#">
WHERE ID = <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#arguments.ID#">
</cfquery>
What would be a better approach than using "skip" as a magic value? Note that blank is a valid value.
It depends on where the data is coming from. Ideally, I'd set a variable to true or false and check that. I'm guessing that in your example tags is coming from a form and that 'skip' is the value in a for 'None of these'. You've probably got to use something as a magic value, but I'd favour using something like __SKIP_TAGS__ which is very clear.
You could also split up your page logic, so that you process the form submission first, checking for magic values and setting up a boolean for whether to insert data from #tags#, then use the boolean later on for your check. The overall logic would be the same, but better laid out.
You might want to consider adding a bit more context to your question, like where the data is coming from, so that others can give you better advice
Related
I have a input checkbox field where user can select multiple checkboxes in a form, and depending on what they select, it will create a string of id's like 10,14,35,47, and that will be submitted to the database. I can get this submitted if I just submit it directly like below:
user_job_type_id="#form.user_job_type_id#",
But, if I try and wrap that in a cfqueryparam, which I would rather do to make it more secure, I get an error, regardless of what I do. Whether I set it to a list true or false, varchar, integer, everything throws an error like cfqueryparam doesnt accept the list.
For example, below will not work
user_job_type_id=<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.user_job_type_id#" list="Yes"/>,
What am I missing here?
As #SOS mentioned, you need to use an IN statement when checking against a list of values in parenthesis. In addition, since the values are all integers, make sure to specify the correct cfsqltype. This ensures the correct date type check for each element in the list.
Wrong:
user_job_type_id = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.user_job_type_id#" list="Yes"/>,
Better:
user_job_type_id IN (<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.user_job_type_id#" list="Yes"/>),
Best:
user_job_type_id IN (<cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#form.user_job_type_id#" list="Yes"/>),
The dumping results for the following QoQ are perfectly fine:
<cfquery datasource = "XX.XX.X.XX" name="master2">
SELECT DATE(Timedetail) as FIRSTCONN
, count(Timedetail) as FIRSTOccurances
, EVENTS
FROM MyDatabase
WHERE EVENTS = "FIRST" GROUP BY FIRSTCONN
<!--- LIMIT 0,10 --->;
</cfquery>
<cfdump var="#master2#">
<cfquery dbtype="query" name="detail2">
SELECT *
FROM master2
WHERE FIRSTCONN >= <cfqueryparam value="#startdate#" cfsqltype="cf_sql_date">
AND FIRSTCONN < <cfqueryparam value="#enddate#" cfsqltype="cf_sql_date">;
</cfquery>
Dumping Result: <cfdump var="#detail2#"><cfabort>
However, when I try to use the following check on the QoQ:
Dumping Result: <cfdump var="#detail2.FIRSTCONN#"><cfabort>
I don't see the full list of FIRSTCONN values. Instead I just see one line:
Dumping Result: {ts '2013-06-29 00:00:00'}
Ideally I should see the list of all the FIRSTCONN in my browser, shouldn't I?
You are looking at the default behaviour of coldfusion. When you output or dump queryname.fieldname, and don't specify a row number, you get the value from the first row. If you want to see all the rows, your choices are:
Look at the value list
Output/dump the entire query
Do another q of q for just that column and cfdump it.
Use cfoutput with a query attribute and just output that field
If you are looking to produce the same structured output that cfdump produces when dumping a query, I have two suggestions:
My First Inclination:
<cfdump var="#ListToArray(ValueList(queryName.columnName))#" />
That one is obviously a, very, minor continuation on Dan's suggestion.
The second is available for CF 8+ and it is
Exactly What You Wanted:
<cfdump var="#queryName#" show="columnName"/>
You may specify either columns to display in the output via the show attributes or you can hide specific columns by assigning a value to the hide attribute.
CFAbort in CF Docs
Granted, this post is almost 18 months old but maybe this will help someone that stumbles onto this page.
This is a little off topic, but I'd like to point out that in my instance of CF2016 the cfdump function suppresses the output of columns (and makes them appear empty) that have lots of text in them (or have the option to have lots of text). I'm not sure if it's the nVarChar(max) setting of the table field or what, but in order to see the content of these big fields, I actually have to make a separate query that selects only this one field, and use a separate cfdump in order to see its contents. This is only for debugging purposes, but it will keep you from going crazy and rewriting your update and insert statements over and over (because they appear to not be working all the way)...
Inside a cffunction I have a query that I want to long cache by setting the cachedwitin to a big value. However, I also want to clear that cache under a few circumstances.
I've done this in a number of places, but in one of them the cache is never updated and I always get the original value if I ask it to give me the cached value.
The cfquery documentation states:
To use cached data, the current query must use the same SQL statement, data source, query name, user name, and password.
This is the case with the query, since it's a single sql statement with no non-sql except the cfqueryparam; datasource and query name don't change and username and password are not specified.
The relevant code is:
<!--- Long cache the query since the values rarely change, but allow the cache to be cleared. --->
<cfif Arguments.ClearCache EQ false>
<cfset local.CachedWithin = CreateTimeSpan(7,0,0,0)>
<cfelse>
<cfset local.CachedWithin = CreateTimeSpan(0,0,0,-1)>
</cfif>
<cfquery name="local.qryName" datasource="#Variables.DSN#" cachedwithin="#local.CachedWithin#">
SELECT
[User].[Name]
FROM
[User]
WHERE
[User].[UserID] = <cfqueryparam value="#Arguments.UserID#" cfsqltype="cf_sql_integer">
</cfquery>
Why does this work in other places, but not here?
There is an additional "sameness" requirement for cached queries that isn't mentioned in the documentation. That note should end with:
... password, and underlying data types of any cfqueryparam values.
Change your code so that the Arguments.UserID is forced to a data type. In your case this can be accomplished by putting the following code before the cfquery:
<!--- Make sure data types used in query are consistent --->
<cfset local.UserID = Int(Arguments.UserID)>
and change the cfqueryparam value to value="#local.UserID#".
I've phrased the above as an omission in the documentation, but I suspect it's a bug in CF9 instead.
I have the following ColdFusion 9 code:
<cfloop from="1" to="#arrayLen(tagArray)#" index="i">
<cfquery name="qryGetSPFAQs" datasource="#application.datasource#">
EXEC searchFAQ '#tagArray[i]#'
</cfquery>
</cfloop>
The EXEC executes a stored procedure on the database server, which returns rows of data, depending on what the parameter is. What I am trying to do is combine the queries into one query object. In other words, if it loops 3 times and each loop returns 4 rows, I want a query object that has all 12 rows in one object. How do I acheive this?
You might want to take a different approach (modify your stored procedure to accept multiple arguments or use a list and fnSplit) and return the dataset all at once. However, to directly answer your question, this is how you could combine the queries as you're asking to:
You can use UNION in a Query of Queries to combine all of the datasets.
<cfloop from="1" to="#arrayLen(tagArray)#" index="i">
<cfquery name="qryGetSPFAQs#i#" datasource="#application.datasource#">
EXEC searchFAQ '#tagArray[i]#'
</cfquery>
</cfloop>
<cfquery name="combined" dbtype="query">
<cfloop from="1" to="#arrayLen(tagArray)#" index="i">
select * from qryGetSPFAQs#i#
<cfif i lt arrayLen(tagArray)>UNION</cfif>
</cfloop>
</cfquery>
A more direct way might be something like this:
<cfset bigQ = queryNew("column")>
<cfloop from="1" to="#arrayLen(tagArray)#" index="i">
<cfquery name="qryGetSPFAQs" datasource="#application.datasource#">
EXEC searchFAQ '#tagArray[i]#'
</cfquery>
<cfset queryAddRow(bigQ)>
<cfset querySetCell(bigQ, "column". qryGetSPFAQs)>
</cfloop>
You will need a querySetCell() assignment for each column. Check out the query functions in the live docs for more information.
Here is an out of the box solution, abandoning the StoredProc for a SQL View (I'll explain).
Disclaimer: without seeing the SP source code, I can't tell if my solution fits. I'm assuming that the SP is fairly basic, and I admit I usually prefer the compiled execution of an SP over a view, but the one-time execution of a SQL View should outperform the looping of the SP x times.
First make a view that looks like the SELECT statement in the SP (minus the parameterization, of course -- you'll cover that in a WHERE clause within the CFQUERY of your new view.
Second, set up your loop to do no more than build a data set we're going to use for the WHERE clause. You'll need to use ArrayToList and a little bit of string manipulation to tidy it up, with the end product being a string stored in a single CF variable looking like this:
('ValueOfArrayElement1','ValueOfArrayElement2','Value_And_So_On')
Building the string is pretty easy, using the delimeter attribute of ArrayToList, and after the loop is complete, append a Left Parenthesis & Single Quote to the Left most position of the string; and append a Single Quote & Right Parenthesis to the Right most position in the string.
Now, write the CFQUERY statement to SELECT the columns you need from your view (instead of executing your SP). And instead of passing a parameter to the SP, you're going to put a WHERE clause in the CFQUERY.
Oh, BTW, I am stating you need a SQL View, but the entire SELECT could be built in CFQUERY. Personally, when I have a multi-table JOIN, I like to define that in a SQL View where it's executed more quickly than a JOIN in CFQUERY. Ultimately a StoredProc is even faster, but our WHERE clause is much friendlier to code and read like this than it would be to send into StoredProc without looping in and out of SQL.
It's a good goal to make only one trip out to the database and back if possible. That's why we looped through the array to write a string equating to all the values in the dataset. This way, we'll only execute one query, one time.
SELECT Col1, Col2, Col_etc
FROM SQL_View_Name
WHERE ColumnName in #BigStringWeMadeFromArrayToList#
when our CFQUERY is rendered, the clause will look just like this in SQL:
WHERE ColumnName in
('ValueOfArrayElement1','ValueOfArrayElement2','Value_And_So_On')
So there you have it. Like I said, this is nice because it makes only one trip to the DB, and since we are building a view, the performance will still be pretty good -- better than running a StoredProc 4+ times. (no offense)
I'll must repeat... without having seen the SP code, I'm not sure if this is do-able. Plus, it's kind of odd to abandon a StoredProc for a SQL View, a "lesser" entity in the RDBMS, but I'm sure we will achieve greater performance and I think it's pretty readable, too.
Why does this not work? My welcome message, it just doesn't show up:
<p>Welcome <cfoutput>#Recordset1.UserID#</cfoutput>.</p>
The session variable on the login page I created is:
<cflock timeout=999 scope="Session" type="Exclusive">
<cfset Session.IDUsers =''>
</cflock>
is this incorrect? On the index page where I'm trying to display my welcome message I have:
<cfquery name="Recordset1" datasource="cfGossip">
SELECT *
FROM users
WHERE users.IDUsers = <cfqueryparam value="#Session.IDUsers#">
</cfquery>
I'm not sure if this works, or is necessary?
If you set the userid stored in the session to be the empty string, when you query on it, you will only get users for whom the id is the empty string, which shouldn't be any of them. Therefore, the query is returning an empty set, and your page is (correctly) not displaying a user id.
How are you initially identifying the user? Are you querying against a database when they log in? Are you storing a cookie? Reading Tarot cards? For this to work, at some point, you have to store the correct userid, probably in the session. To do that, you need to first identify who the user is.
Also, if you are using CF6+, you probably do not need the cflock. It is now used to prevent race conditions, as CF is now thread-safe.
Looks like you're just starting with CF, welcome to the community.
My understanding of your code makes the structure look like the following, if I'm understanding you correctly:
<cfset session.idUsers = '' />
<cfquery datasource = "cfgossip" name = "recordset1">
SELECT * FROM USERS WHERE USERS.ID_USERS = <cfqueryparam cfsqltype = "cf_sql_integer" value = "#session.idUsers# />
</cfquery>
<cfoutput>Welcome #recordset1.userID#</cfoutput>
The reason this doesn't work is because your session.idUsers value is blank. Assuming you have a user in your database with an ID_USERS value of 1, you could change the CFSET to look like and it should return results.
Additionally, while it's great to see you using CFQUERYPARAM, I'd recommend including a CFSQLTYPE attribute in the tag whenever possible to provide an added line of defense against injection attacks. You can check out http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_p-q_18.html to see the list of available types.
Is there anywhere in your code where you set your session.IDUsers? You initialize it as a blank ''. Coldfusion does not populate it for you. The session scope is a place that will remember things for that user that you put there for a specified period of time inactivity, usually 20 minutes. So hopefully, somewhere before you run your query you have additional logic that fills that in, otherwise you are asking the database for a user named, ''.
This is just a point of style, but the following may work better for you:
<cfset Session.IDUsers =''>
<!--- Do something here to populate Session.IDUsers --->
<!--- Creates a blank query - not necessary, but can reduce errors later --->
<cfset Recordset1 = queryNew("UserID")>
<!--- Populate the query from the database --->
<cfquery name="Recordset1" datasource="cfGossip">
SELECT *
FROM users
WHERE users.IDUsers = <cfqueryparam value="#Session.IDUsers#">
</cfquery>
<!--- If the query has data, use it, otherwise show generic message --->
<cfoutput>
<cfif Recordset1.recordcount>
<p>Welcome #Recordset1.UserID#.</p>
<cfelse>
<p>Welcome new user!</p>
</cfif>
</cfoutput>
<!--- OR since we used queryNew("userID"), we can simplify without throwing an error. ---->
<cfoutput>
<p>Welcome <cfif len(Recordset1.userID)>#Recordset1.userID#.<cfelse>new user!</cfif></p>
</cfoutput>
Putting the cfoutput outside the paragraph block will make it easier if you have additional variables to insert into the text. (but will work either way)
Regardless of all that, unless you forgot to share a bit more of the code, I think the issue is that the session.IDUsers is blank and needs to be populated before the query. I hope this helps!