I am creating a page that allows a user to write and submit their own SQL query
via a form textarea with the data being returned on the page. So far I have
been pretty successful except that when a user inputs a query with a WHERE
clause that references a char column type (i.e. select * from Exchanges WHERE
country = 'USA') it doesn't work. However when the WHERE clause references a
numeric column (i.e. select * from Exchanges WHERE exchangeID=5) it works fine.
Could this have something to do with the quotes? How can I handle this? Here is
a snippet of my code:
................
<form method="post" name="formQuery" action="InputSQL.cfm">
<input type="hidden" value="DoMyQuery" name="MyQuery">
<textarea style="overflow:auto" name="sqlquery" rows="8"
cols="100"></textarea><br /><br />
<input type="submit">
</form>
<!--- guard with isDefined() so the page also loads on a plain GET, before the form is posted --->
<cfif isDefined("form.MyQuery") and form.MyQuery eq "DoMyQuery">
<cfset thequery = form.sqlquery>
<!--- echo the submitted text HTML-encoded, so it is shown rather than rendered as markup --->
<cfoutput>#htmlEditFormat(thequery)#</cfoutput>
<!--- executes the query. Note: ColdFusion doubles any single quote inside a variable
      that is interpolated into cfquery, so 'USA' reaches the database as ''USA'';
      that is why WHERE country = 'USA' fails while WHERE exchangeID=5 works --->
<cfquery datasource="MarketData" name="GetData">
#form.sqlquery#
</cfquery>
</cfif>
......................
Thanks for any help...
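An added example (not from the original post or its author) of the same two lookups done with cfqueryparam instead of interpolating user-written SQL: the datasource "MarketData", the Exchanges table and the country / exchangeID columns come from the question, while the form fields "country" and "exchangeID" are assumed. Bound parameters let the driver handle the quoting of string values, which is the case that breaks in the raw-SQL version.

```cfml
<!--- Added example, not the original poster's code. Assumed form fields:
      form.country (string filter) and form.exchangeID (numeric filter). --->
<cfparam name="form.country" default="">
<cfparam name="form.exchangeID" default="">

<cfquery datasource="MarketData" name="GetData">
    SELECT *
    FROM Exchanges
    WHERE 1 = 1
    <cfif len(trim(form.country))>
        <!--- string column: bound as varchar, so no quotes are written by hand
              and nothing the user types can change the shape of the statement --->
        AND country = <cfqueryparam value="#trim(form.country)#" cfsqltype="cf_sql_varchar">
    </cfif>
    <cfif isNumeric(form.exchangeID)>
        <!--- numeric column: bound as an integer; non-numeric input is simply ignored --->
        AND exchangeID = <cfqueryparam value="#form.exchangeID#" cfsqltype="cf_sql_integer">
    </cfif>
</cfquery>

<!--- show the matches; column names taken from the question --->
<cfoutput query="GetData">
    #GetData.exchangeID# - #htmlEditFormat(GetData.country)#<br />
</cfoutput>
```

Submitting country=USA runs the string comparison that failed in the interpolated version, and submitting exchangeID=5 runs the numeric one, without the page ever accepting a user-written WHERE clause.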
Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2093