Are you ABSOLUTELY sure you want your users to have this type of access to
your data?

I have worked on projects where this type of functionality has been present.
The results ranged from slightly annoying to completely having to restore
the tables from a backup.

Please remember that not many average users are adept at formulating
well-qualified SQL statements.



> -----Original Message-----
> From: Rob Harrington [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 25, 2006 2:22 PM
> To: CF-Newbie
> Subject: Re: Executing a user input query
> 
> All set - figured it out myself...
> 
> 
> 
> > I am creating a page that allows a user to write and submit their own
> > SQL query via a form textarea with the data being returned on the page.
> > So far I have been pretty successful except that when a user inputs a
> > query with a WHERE clause that references a char column type (i.e.
> > select * from Exchanges WHERE country = 'USA') it doesn't work.
> > However when the WHERE clause references a numeric column (i.e. select
> > * from Exchanges WHERE exchangeID=5) it works fine. Could this have
> > something to do with the quotes? How can I handle this? Here is a
> > snippet of my code:
> >
> ................
> >
> >
> > <form method="post" name="formQuery" action="InputSQL.cfm">
> >     <input type="hidden" value="DoMyQuery" name="MyQuery">
> >     <textarea style="overflow:auto" name="sqlquery" rows="8"
> > cols="100"></textarea><br /><br />
> >     <input type="submit">
> > </form>
> >
> > <cfif form.MyQuery eq "DoMyQuery">
> >     <cfset thequery = form.sqlquery>
> >     <cfoutput>#thequery#</cfoutput>
> >     <!--- executes the query--->
> >     <cfquery datasource="MarketData" name="GetData">
> >             #form.sqlquery#
> >     </cfquery>
> >
> ......................
> >
> >
> > Thanks for any help...
> 
> 
> 
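
A safer shape for the page described in the quoted post, added here as an example written for this reply and not code from the thread: instead of accepting a free-text SQL statement, the form offers a filter column from a fixed list plus a value, the column is checked against that allowlist, and the value is bound with cfqueryparam. The column names, their types, and the MarketData datasource and Exchanges table are assumed from the quoted snippet.

```cfml
<!--- Allowlist of filterable columns and the bind type each one takes.
      Column names and types are assumed from the snippet in the thread. --->
<cfset allowedColumns = StructNew()>
<cfset allowedColumns["country"]    = "cf_sql_varchar">
<cfset allowedColumns["exchangeID"] = "cf_sql_integer">

<cfparam name="form.filterColumn" default="">
<cfparam name="form.filterValue"  default="">

<!--- The user picks a column and types a value; no raw SQL is accepted --->
<form method="post" name="formQuery" action="InputSQL.cfm">
    <select name="filterColumn">
        <cfoutput>
        <cfloop collection="#allowedColumns#" item="col">
            <option value="#col#">#col#</option>
        </cfloop>
        </cfoutput>
    </select>
    <input type="text" name="filterValue" size="40">
    <input type="submit" value="Run query">
</form>

<cfif Len(form.filterColumn)>
    <!--- A column name cannot be bound as a parameter, so it is only ever
          taken from the allowlist; anything else is refused outright --->
    <cfif NOT StructKeyExists(allowedColumns, form.filterColumn)>
        <cfthrow message="Column is not available for filtering">
    </cfif>
    <cfset colName  = form.filterColumn>
    <cfset bindType = allowedColumns[colName]>

    <!--- The value is bound with cfqueryparam: the driver handles quoting
          and type checking, so 'USA' and 5 both work and neither can
          change the shape of the statement --->
    <cfquery datasource="MarketData" name="GetData">
        SELECT *
        FROM   Exchanges
        WHERE  #colName# = <cfqueryparam value="#form.filterValue#"
                                         cfsqltype="#bindType#">
    </cfquery>

    <cfoutput query="GetData">
        #GetData.exchangeID#: #GetData.country#<br />
    </cfoutput>
</cfif>
```

Pointing the MarketData datasource at a database login that has only SELECT on the tables it serves limits what any remaining mistake can do, which is the failure the reply above describes.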

Archive: 
http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2096