NOt sure about MySQL, but in MS SQL you use "DELETE FROM..." and not what you have "DELETE * FROM..."
I don't see any reason why the "*" would be needed, because all deletes delete the entire record HTH BTW...look into CFQUERYPARAM...it will help stop SQL injection attacks (among many other useful things it does). You have IDs coming via the URL and you currently do not check to see if they are valid values. Someone could theorhetically pass a DROP ALL statement in place of a normal ID value and toast your database!!! Merry Ho Ho huh ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ----- Original Message ----- From: "Jason Smith" <[EMAIL PROTECTED]> To: "CF-Talk" <[email protected]> Sent: Tuesday, December 21, 2004 1:24 PM Subject: No Thumbnails > Well after debugging some code I have come across more image problems > mainly to deal with uploading the images. The code is fairly long I'll > post > a sniplet of it and if anyone needs anymore I'll be happy to get more. > > I'm attempting to upload a image file while deleting another image file. > After the deleting and uploading the thumb nailing is next to take place > at > the current state of the application it's bombing out on the upload. > > <!--- 1 START ---> > <cfif errFlag eq 0> > > <cflock scope="Session" type="Exclusive" timeout="30" > throwontimeout="no"> > <cfset SESSION.errMessage = ""> > </cflock> > > <!--- FIRST DELETE THE SELECTED IMAGES ---> > <cfquery name="getItemImages" datasource="#DS#"> > SELECT itemImageID, itemImageURL > FROM tblItemImages > WHERE itemID = #URL.itemID# > </cfquery> > > <cfoutput query="getItemImages"> > > <!--- 2 START ---> > <cfif isDefined('FORM.chkDelete_#itemImageID#')> > <cffile > action="delete" > > file="#Request.RootSystemPath#zimages\uploadedItemImages\#itemImageURL#"> > > <cfquery name="deleteImageURL" datasource="#DS#"> > DELETE * > FROM tblItemImages > WHERE itemImageID = #itemImageID# > </cfquery> > </cfif> > <!--- 2 FINISH ---> > > </cfoutput> > > <!--- CREATE FILE UPLOAD THAT ONLY ACCEPTS JPGs AND GIFs AND THAT > IT IS SMALLER THAN 205000 BYTES (200KB)---> > > <!--- 2 START ---> > <cfif URL.imgNum neq 0> > > <!--- 3 START ---> > <cfif parameterExists(process)> > <cfloop from="1" to="#URL.imgNum#" index="i"> > <cftry> > > <!--- 4 START ---> > <cfif len(evaluate('attachment' & > i))> > <cffile > action="UPLOAD" > > filefield="attachment#i#" > > destination="#Request.RootSystemPath#zimages\uploadedItemImages\" > > > nameconflict="MAKEUNIQUE" > > accept="image/pjpeg, > image/jpeg, image/PJPEG, image/JPEG, image/pgif, image/gif, image/PGIF, > image/GIF, image/jpg"> > </cfif> > <!--- 4 FINISH ---> > > The Error: > > Syntax error or access violation: You have an error in your SQL syntax. > Check the manual that corresponds to your MySQL server version for the > right syntax to use near '* FROM tblItemImages WHERE itemImageID = > 6355' at lin > > The error occurred in > C:\Inetpub\voremarketing\admin\inventory\updateInventory\updateInventory_Images_action.cfm: > line 81 > > Line 78-82 > > <cfquery name="deleteImageURL" datasource="#DS#"> > DELETE * > FROM tblItemImages > WHERE itemImageID = #itemImageID# > </cfquery> > > I'm baffled by the error itemImageID 6355 is in the database and exists. > > > > > > > Web Your Business Inc., - located in Loveland, Colorado; serving the > World! > http://www.webyourbusiness.com/ - & - http://www.aaabusinesshosting.com/ > Phone: 970-593-6260 - Fax: 970-593-6267 - Toll Free: 1-877-416-8655 > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:188480 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
