I have written a database query to extract information in ColdFusion and I want to know how may I pass a value to the WHERE clause to get the relevant data. This is my code sample. can any one help?
<cfquery name="FILM_STRIP_QUERY" datasource="#dsn#">
select distinct tm.id as teachingmoduleid,
(select concat(prs.first_name, ' ',prs.last_name) AS Video_presenter from presentations pss
inner join topics tpcs on tpcs.id = pss.topic_id
inner join presenters prs on prs.id = pss.presenter_id
where pss.name = ps.name
and tpcs.title = tp.title
) AS video_presenter,
(select pss.43_png from presentations pss
inner join topics tpcs on tpcs.id = pss.topic_id
inner join presenters prs on prs.id = pss.presenter_id
where pss.name = ps.name
and tpcs.title = tp.title) AS png_name
from teaching_modules tm
inner join tm_segments sg on sg.module_id = tm.id
inner join topics tp on tp.id = sg.topic_id
inner join presenters prs on prs.id = tm.presenter_id
left outer join presentations ps on ps.id = sg.presentation_id
where tm.id =
</cfquery>
and this is the calling function
<cfloop = "FILM_STRIP_QUERY">
<!--- this is where I wanna pass the parameter--->
</cfloop>
Do you mean something like this?
<cfset tmId = 5 />
<!--- or something like <cfset tmId = url.id /> --->
<cfquery name="FILM_STRIP_QUERY" datasource="#dsn#">
<!--- SELECT cols FROM wherever etc... --->
WHERE tm.id = <cfqueryparam cfsqltype="cf_sql_integer" value="#tmId#" />
</cfquery>
You could just do #tmid# without the CFQueryParam tag, but it's a good idea to use it for added security (validation) and the database will also cache the execution plan, hopefully improving performance the next time the query executes.
If you are using a CFC, then a function like this would work, including the query name ensuring CF releases the memory from the local variable declaration. Also uses the parameter and the cfqueryparam function.
<cffunction name="getFILM_STRIP" access="public" returntype="query" output="false">
<cfargument name="id" required="Yes" type="numeric">
<cfset FILM_STRIP_QUERY = "">
<cfquery name="FILM_STRIP_QUERY" datasource="#variables.dsn#">
<!--- select statement --->
WHERE colname = <cfqueryparam cfsqltype="CF_SQL_INTEGER" value=#arguments.id# />
</cfquery>
<cfreturn FILM_STRIP_QUERY>
</cffunction>
You should use the cfqueryparam tag to do this. This helps DB execution and also helps prevent SQL injection. e.g.
where tm.id = <cfqueryparam value="#form.ID#" CFSQLType="CF_SQL_INTEGER">
Related
After I submit a form, I need to check if any field in the database table changed. If changed I create a new record, if not, I don't do anything. I can't just update the record.
Is there a way to do it without checking every single field like the code below?
<cfquery name="getData" datasource="myDS">
Select * From table Where ID = #form.ID#
</cfquery>
<Cfset changed = false />
<!-- Check every field -->
<cfif form.data1 neq getData.data1>
<cfset changed = true />
</cfif>
<cfif form.data2 neq getData.data2>
<cfset changed = true />
</cfif>
<cfif form.data3 neq getData.data3>
<cfset changed = true />
</cfif>
...
Thanks
Might depend on what database you are using but you should be able to do a query that will insert if the data does not exist.
As an example I just tested this against Oracle 12c using CF2016 Enterprise and it creates a new record if the data does not exist.
<cfquery name="Testing" datasource="Test">
INSERT INTO TESTTABLE (DATA1, DATA2, DATA3)
SELECT <cfqueryparam value="#Form.Data1#" cfsqltype="CF_SQL_VARCHAR" />, <cfqueryparam value="#Form.Data2#" cfsqltype="CF_SQL_VARCHAR" />, <cfqueryparam value="#Form.Data3#" cfsqltype="CF_SQL_VARCHAR" />
FROM dual
WHERE NOT EXISTS
(SELECT DATA1, DATA2, DATA3 FROM TESTTABLE WHERE DATA1 = <cfqueryparam value="#Form.Data1#" cfsqltype="CF_SQL_VARCHAR" />,
AND DATA2 = <cfqueryparam value="#Form.Data2#" cfsqltype="CF_SQL_VARCHAR" /> AND DATA3 = <cfqueryparam value="#Form.Data3#" cfsqltype="CF_SQL_VARCHAR" />)
</cfquery>
Can you explain this a little further? Why are you allowing a form to be submitted with changed data if you can't update the record itself? If you click Save, then compare the form data with the query data and have the action call a Create function when the data is different.
Let's say you have a thing query and form:
<cfquery name="myThing">
SELECT
thing_id,
thing_name,
thing_foo
FROM
things
where
thingID = <cfqueryparam value="#url.thingID#">
</cfquery>
<form>
<input type="hidden" name="thing_id" value="#myThing.thing_id#">
<input type="text" name="thing_name" value="#myThing.thing_name#">
<input type="text" name="thing_foo" value="#myThing.thing_foo#">
<button type="submit">Submit</button>
</form>
If you need to check the submitted data against what's already in the database, you can just run the query again on the form processing page and compare those values against the submitted form values. This example assumes you named the form fields the same as the database table columns.
<cfset delta = false>
<cfloop item="key" collection="#myThing#">
<cfif structKeyExists(form, key)>
<cfif form[key] NEQ myThing[key]>
<cfset delta = true>
</cfif>
</cfif>
</cfloop>
If any values differ, then create a new record. No idea what you need to do when the submitted values haven't changed.
<cfif delta>
<!--- Create a new record. --->
<cfelse>
<!--- ¯\_(ツ)_/¯ --->
</cfif>
I've also seen it done where the original values are stored in hidden form fields and submitted along with the editable form fields. You could do this, but there's no guarantee that the values in the DB haven't been changed between you rendering the form and then submitting it.
You'll still have some challenge of how to tell if the DB values have changed on the way to the DB, but I'm not sure if you need so granular a check.
We can use the cfquery to check the table having the existing data or not. If not having the same data means we can Insert the form. The following code may related to your scenario.
<cfif structKeyExists(form,"Submit")>
<cfquery name="checkFormExisting" datasource="myDSN">
SELECT *
FROM USERS
WHERE data1 = <cfqueryparam value="#form.data1#" cfsqltype="cf_sql_varchar">
OR data2 = <cfqueryparam value="#form.data2#" cfsqltype="cf_sql_varchar">
OR data3 = <cfqueryparam value="#form.data3#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfif checkFormExisting.recordCount EQ 0>
INSERT INTO
USERS (
data1,data2,data3
)
VALUES (
<cfqueryparam value="#form.data1#" cfsqltype="cf_sql_varchar">,
<cfqueryparam value="#form.data2#" cfsqltype="cf_sql_varchar">,
<cfqueryparam value="#form.data3#" cfsqltype="cf_sql_varchar">
)
</cfif>
</cfif>
Hope, you're asking like the above code for your scenario.
A few times in my functions I have stuff like this:
<cffunction name="mergeData">
<cfquery name="myQuery">
SELECT columnName FROM tableName
</cfquery>
<cfquery dbtype="query" name="myOtherQuery">
SELECT columnName FROM myQuery
</cfquery>
</cffunction>
<cfset resulta = mergeData(queryA) />
<cfset resultb = mergeData(queryB) />
<cfset resultc = mergeData(queryC) />
Occasionally then I get the error The select column reference [myQuery.columnname] is not found in table [myQuery].
So what could be causing this. How can I diagnose. I was thinking it could be a scoping issue, so I'm going to add <cfquery name="local.myQuery"> just to make sure things are contained in the function (I should be doing that anyway probably). But when something only happens sometimes I have a hard time figuring out how to diagnose.
EDIT: Added some clarity on why it's most likely a scoping issue. My thought is that myQuery is poossibly being referenced in other calls. I mean, it's not like it's running multiple threads on the data, but is it possible that that could be the cause? Are there other causes? This isn't always the case when I get the error. I also get it on a page where it function is only running once.
In the query of queries, use brackets around the local scope prefix.
<cffunction name="mergeData">
<cfquery name="local.myQuery">
SELECT columnName FROM tableName
</cfquery>
<cfquery dbtype="query" name="local.myOtherQuery">
SELECT columnName FROM [local].myQuery
</cfquery>
</cffunction>
<cfset resulta = mergeData(queryA) />
<cfset resultb = mergeData(queryB) />
<cfset resultc = mergeData(queryC) />
I've never gotten LOCAL to work in query of queries in a function.
So I do this....
<cffunction>
<cfquery name="VARIABLES.myQuery">
SELECT columnName FROM tableName
</cfquery>
<cfquery dbtype="query" name="myOtherQuery">
SELECT columnName FROM VARIABLES.myQuery
</cfquery>
<cffunction>
I strongly suggest using a more explicit name for your query, especially in query of queries.
I wrote a script that takes date entries and for some reason whenever I specify just a starting date with a blank end date the query never picks it up. Here's what I wrote.
<cfquery name="stec_mysql_loan_tracking_qry" result="meta_tracking" datasource="STLinux1MySQL">
Select
tslo.created,
tslo.created_by,
tslo.last_modified,
tslo.last_modified_by,
tslo.active,
tslo.is_manager,
tslo.pick_userid,
tslo.customer_code,
tslo.name,
tst.user_ip as ip,
tsl.loan_identifier,
tst.command,
tsl.tax_search_loan_id as id
From
tax_search_loan_officers tslo Left Join
tax_search_loans tsl On tsl.tax_search_loan_officer_id =
tslo.tax_search_loan_officer_id Left Join
tax_search_track tst On tst.pick_userid = tslo.pick_userid
Where
tslo.customer_code In (<cfqueryparam value="#tw_custcodes#" cfsqltype="cf_sql_varchar" list="yes">)
<cfif IsDefined('url.active')>
<cfif url.active neq "">
AND
tslo.active = <cfqueryparam value="#Trim(url.active)#" cfsqltype="cf_sql_varchar" list="yes">
</cfif>
</cfif>
<cfif IsDefined('url.is_managed')>
<cfif url.is_managed neq "">
AND
tslo.is_manager = <cfqueryparam value="#Trim(url.is_managed)#" cfsqltype="cf_sql_varchar" list="yes">
</cfif>
</cfif>
<cfif IsDefined('url.start_end')>
<cfif url.start_date neq "" and url.end_date eq "">
AND
<cfqueryparam value="#Trim(url.start_date)#" cfsqltype="cf_sql_date"> <= DATE_FORMAT(tslo.last_modified, '%Y-%m-%d')
AND
DATE_FORMAT(tslo.last_modified, '%Y-%m-%d') <= DATE_FORMAT(NOW(), '%Y-%m-%d')
</cfif>
</cfif>
<cfif IsDefined('url.start_date')>
<cfif url.end_date neq "" and url.start_date eq "">
AND
'2012-01-01' <= DATE_FORMAT(tslo.last_modified, '%Y-%m-%d')
AND
DATE_FORMAT(tslo.last_modified, '%Y-%m-%d') <= <cfqueryparam value="#Trim(url.end_date)#" cfsqltype="cf_sql_date">
</cfif>
</cfif>
<cfif isDefined('url.start_date')>
<cfif (url.start_date neq "") and (url.end_date neq "")>
AND
<cfqueryparam value="#Trim(url.start_date)#" cfsqltype="cf_sql_date"> <= DATE_FORMAT(tslo.last_modified, '%Y-%m-%d')
AND
DATE_FORMAT(tslo.last_modified, '%Y-%m-%d') <= <cfqueryparam value="#Trim(url.end_date)#" cfsqltype="cf_sql_date">
</cfif>
</cfif>
</cfquery>
And here is what it sees if url.end_date = "" but url.start_date = a value:
Select
tslo.created,
tslo.created_by,
tslo.last_modified,
tslo.last_modified_by,
tslo.active,
tslo.is_manager,
tslo.pick_userid,
tslo.customer_code,
tslo.name,
tst.user_ip as ip,
tsl.loan_identifier,
tst.command,
tsl.tax_search_loan_id as id
From
tax_search_loan_officers tslo Left Join
tax_search_loans tsl On tsl.tax_search_loan_officer_id =
tslo.tax_search_loan_officer_id Left Join
tax_search_track tst On tst.pick_userid = tslo.pick_userid
Where
tslo.customer_code In (?)
However, every other combination is fine. I've tried rewriting the cfif blocks but this structure is the only one that gets 2/3 while the rest fail.
(From the comments ..)
<cfif IsDefined('url.start_end')>
It looks like you have three date variables: url.start_date, url.end_date and url.start_end. What is url.start_end - is it a typo?
As an aside, you might want to set defaults values for the variables so you could eliminate some of the cfif conditions. Then work on simplifying the rest of the logic, because it seems more complex than is necessary ... Dan's response contains some good suggestions. I strongly suspect you could simplify the code and make the query more efficient to boot by getting rid of the DATE_FORMAT(ColumnName, '%Y-%m-%d') statements, because they will prevent the database from properly utilizing indexes on the referenced column.
Update:
After taking a closer look, I think this is what the code is trying to accomplish:
If both dates are present, filter on the given values
If only one of the dates is present, apply a default for the missing date. Then filter on both values.
If neither date is present, skip the filtering.
Something along these lines should mimic the behavior of current code. Note, it uses this type of comparison as a more index-friendly way of handling "time" issues:
WHERE column >= {startDateAtMidnight}
AND column < {dayAfterEndDateAtMidnight}
Example:
<!--- default both to something that is NOT a valid date --->
<cfparam name="url.start_date" default="">
<cfparam name="url.end_date" default="">
<!---
If at least ONE of the dates was supplied, apply
the desired defaults for missing values
--->
<cfif isDate(url.start_date) || isDate(url.end_date)>
<cfset url.start_date = isDate(url.start_date) ? url.start_date : "some default like 2012-01-01 here">
<cfset url.end_date = isDate(url.end_date) ? url.end_date : now()>
</cfif>
<cfquery ....>
SELECT ...
FROM ...
WHERE ...
<!--- apply the filter when both dates are populated. --->
<cfif isDate(url.start_date) and isDate(url.end_date)>
AND tslo.last_modified >= <cfqueryparam value="#url.start_date#" cfsqltype="cf_sql_date">
AND tslo.last_modified < <cfqueryparam value="#dateAdd('d', 1, url.end_date)#" cfsqltype="cf_sql_date">
</cfif>
</cfquery>
It might not be the cause, but you are mixing data types. This:
and <cfqueryparam value="#Trim(url.start_date)#" cfsqltype="cf_sql_date">
<= DATE_FORMAT(tslo.last_modified, '%Y-%m-%d')
will have a date on the left hand side of your comparison operator and a string on the right. Even if it runs without error, you might get unexpected results. As a minimum, remove the date_format function from the right hand side.
Then we have this:
AND DATE_FORMAT(tslo.last_modified, '%Y-%m-%d') <= DATE_FORMAT(NOW(), '%Y-%m-%d')
at least it's comparing a string to a string, but it's inefficient. In the overall scheme of things, maybe you want something like this:
and tslo.last_modified >=
<cfqueryparam value="#Trim(url.start_date)#" cfsqltype="cf_sql_date">
and tslo.last_modified =< now()
I am trying to set a variable dynamically into a structure via CFLOOP. I have read Ben Nadal's blog post but cant seem to get the assignment correct. I would like to use dot notation and make the VIN a sub structure of values.
Here is my code:
<cfloop query="VINs">
<cfquery name="carsQue" datasource="carsData">
SELECT VIN, MODEL, MAKE, etc
FROM CarsDB
WHERE (VIN = #VIN#)
</cfquery>
<cfset carsStruct= StructNew()>
<cfset carsStruct.[VIN].MAKE = '#carsQue.MODEL#'>
<cfset carsStruct.[VIN].MODEL = '#carsQue.MAKE#'>
</cfloop>
Any guidance would be greatly appreciated,
Thanks
Running a query inside a loop is almost always a bad idea. In your case, a better option would be:
<cfif ListLen(valuelist(vins.vin)) gt 0>
<cfquery name=CarsQue datasource = "carsData">
select vin, model, make, etc
from carsDB
where vin in (<cfqueryparam cfsqltype="cf_sql_varchar"
value="#valuelist(vins.vin)#" list="true">)
</cfquery>
<cfset carsStruct = StructNew()>
<cfloop query="carsQue">
code for your struct
</cfloop>
<cfelse>
code for vins query returning no data
</cfif>
Better yet would be to get all the data with one query. You didn't provide enough information to determine if this was possible, but it often is.
Create a structure outside loop and and setting variable within loop can solve the problem. in a current scenario each time loop run its create a new structure.
you can do some thing like this
<cfset carsStruct= StructNew()>
<cfloop query="VINs">
<cfquery name="carsQue" datasource="carsData">
SELECT VIN, MODEL, MAKE, etc
FROM CarsDB
WHERE VIN = <cfqueryparam cf_sql_type="cf_sql_varchar" value="#VINs.VIN#">
</cfquery>
<cfset carsStruct[VINs.VIN].MAKE = carsQue.MODEL>
<cfset carsStruct[VINs.VIN].MODEL = carsQue.MAKE>
</cfloop>
Based on the limited information you've given you should be able to run one query and loop through that to add to your struct.
<cfset carsStruct= {}> //new struct
<cfif VINs.RecordCount> //your VINs query has records
<cfquery name="carsQueue" datasource="carsData">
SELECT VIN, MODEL, MAKE, etc
FROM CarsDB
// Quoted list of all your VINs. cfqueryparam prevents against SQL injection
WHERE VIN IN (<cfqueryparam cf_sql_type="cf_sql_varchar" value="#ValueList(VINs.VIN)#" list="true">
</cfquery>
<cfloop query="carsQueue">
<cfset carsStruct.[carsQueue.VIN].MAKE = carsQueue.MODEL>
<cfset carsStruct.[carsQueue.VIN].MODEL = carsQueue.MAKE>
</cfloop>
<cfelse>
// if VINs query return nothing a blank struct will be returned.
//You do NOT need this <cfelse> unless you are returning something when the query is blank
</cfif>
I am trying to write a function for a survey where it pulls questions from a database. The catch is that there are both active and unactive questions. I need older questions to show up when someone views the results from an old survey.
Here is the code I am trying within a CFC:
<cffunction name="getAllQuestions" access="public" returntype="query">
<cfargument name="survey" default=0>
<cfif len(#survey#) gt 0>
<cfquery name="getsdate" datasource="blah.database">
select * from past_survey
where survey_id = #survey#
</cfquery>
<cfreturn getsdate>
</cfif>
<cfquery name="getquestions" datasource="blah.database">
select * from pool_questions
<cfif len(#survey#) eq 0>
where active_flag='Y'
<cfelse>
where <cfqueryparam value="#dateformat
(getsdate.survey_date, "yyyy/mm/dd")#"> BETWEEN start_date AND
end_date
</cfif>
order by qtn_nb
</cfquery>
<cfreturn getquestions>
</cffunction>
#survey# is the survey id which is generated by the form. What I am trying to do is that if survey has a value to run query getsdate. Then the second query would run no matter if survey has a value or not. If there is not value it should pull all active questions. If there is a value then it should check if the survey date is between the start date and end date for past questions.
Any advice on how to make this work would be greatly appreciated. Thank you in advance!
<cffunction name="getAllQuestions" access="public" returntype="struct">
<cfargument name="survey" required="true" default="0" type="numeric">
<cfset var qryReturn = ""> <!---Always var scope your variables to prevent them from leaking to other functions --->
<cfset var structReturn = structNew()>
<cfset structReturn.pastSurvey = "">
<cfset structReturn.surveyQuestions = "">
<cfif survey GT 0>
<cfquery name="qryReturn" datasource="blah.database">
SELECT *
FROM past_survey
<!--- Always cfqueryparam to prevent SQL injection attacks & also always reference the scope to prevent confusion --->
WHERE survey_id = <cfqueryparam cfsqltype="cf_sql_integer" value="#arguments.survey#">
</cfquery>
<cfset structReturn.pastSurvey = qryReturn>
<cfelse>
<cfquery name="qryReturn" datasource="blah.database">
SELECT *
FROM pool_questions
<cfif arguments.survey EQ 0>
WHERE active_flag = 'Y'
<cfelse>
WHERE <cfqueryparam value="#dateformat
(getsdate.survey_date, "yyyy/mm/dd")#"> BETWEEN start_date AND
end_date
</cfif>
ORDER BY qtn_nb
</cfquery>
<cfset structReturn.surveyQuestions = qryReturn>
</cfif>
<cfreturn structReturn>
</cffunction>
You probably should be doing this in two separate functions, but I will attempt to answer your question.
My code will return a struct of queries (you can change to an array if you prefer) that returns a past survey and the survey questions
Note: In your example code, you have a few bad practices.
You are checking the length of the survey value rather than checking the value itself.
If you want to ensure that survey always has a value regardless of if it is passed or not, set requried=true and give it a default value.
Use cfqueryparam to prevent sql injection attacks
Any variables created in the function need to be var scoped to prevent them from leaking to other cffunctions in the same cfcomponent. I always do this at the top. Yes, even the name you give a cfquery needs to be var scoped.
Since you are doing a return after your first query, if the survey value is greater than 0 it will never get to the second query where it has the date check.
I see the following problems you need to address.
First, your survey argument has a default value of 0 and you are doing conditional logic on the length of it. The length of "0" is 1, so that condition will always return true.
Next, you state that you want the 2nd query to run whether the first one runs or not, but you refer to a value from the 1st query in the 2nd one. That means if the 1st query does not run, the 2nd one will crash due to an undefined variable.
Next, dateformat returns a string. Applying it the way you do in the 2nd query is at best unnecessary, and at worse, and indication that you are storing the start and end dates in pool_questions as strings. If you are attempting to strip out the time portion of the datefield in the first query, ColdFusion has a cast() function for that.
Also, scope your variables. ie - instead of <cfif len(survey), do this <cfif len(arguments.survey).
Also, var your local variables. In this case, it's the names of your two queries.
That should get you started.