> I have a query that I had been just comparing one value so I could use a
> cfqueryparam of varchar, now that same variables may be passing something
> like 203,197 meaning that a sales rep belongs to each of those groups. So
> I
> need to change my query to something IN ('203','197') , but cfqueryparam
> doesn't let me do this. Do I need to use something else besides
> cfqueryparam
> or is there a setting I am not seeing that will allow me to use
> cfqueryparam
> and this?
Nope -- a comma delimited list can't be any given data type. It can't be
either a number or a string because it contains multiple values. The way to
get around this and still use cfqueryparams is to create a loop of query
params...
<cfset myarray = listtoarray(mylist)>
IN (
<cfloop index="x" from="1" to="#arraylen(myarray)#">
<cfif x gt 1>,</cfif>
<cfqueryparam cfsqltype="cf_sql_integer" value="#myarray[x]#">
</cfloop>
)
Or if your concern is of the possibility of a sql insertion attack, you
could optionally just use a REReplace to remove non numeric, non-comma
characters.
IN ( #REReplace(mylist,"[^,0-9]","","ALL")# )
This is less code so it's more efficient for the developer -- not sure which
would be more efficient for the server.
hth
S. Isaac Dealey
Certified Advanced ColdFusion 5 Developer
www.turnkey.to
954-776-0046
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
