Removed the * deleting images still errors out and when uploading images it still fails to create the thumbnail I'll just continue taking it 1 steo at a time, Thanx for everyone who has helped me fix these small yet important issues and thank you all for the security suggestions.
At 03:03 PM 12/21/2004, you wrote: >In MySQL, you have to remove the "*" for DELETE to work. > > >On Tue, 21 Dec 2004 13:50:57 -0800, Bryan Stevenson ><[EMAIL PROTECTED]> wrote: > > NOt sure about MySQL, but in MS SQL you use "DELETE FROM..." and not what > > you have "DELETE * FROM..." > > > > I don't see any reason why the "*" would be needed, because all deletes > > delete the entire record > > > > HTH > > > > BTW...look into CFQUERYPARAM...it will help stop SQL injection attacks > > (among many other useful things it does). You have IDs coming via the URL > > and you currently do not check to see if they are valid values. Someone > > could theorhetically pass a DROP ALL statement in place of a normal ID > value > > and toast your database!!! Merry Ho Ho huh ;-) > > > > Cheers > > > > Bryan Stevenson B.Comm. > > VP & Director of E-Commerce Development > > Electric Edge Systems Group Inc. > > phone: 250.480.0642 > > fax: 250.480.1264 > > cell: 250.920.8830 > > e-mail: [EMAIL PROTECTED] > > web: www.electricedgesystems.com > > ----- Original Message ----- > > From: "Jason Smith" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[email protected]> > > Sent: Tuesday, December 21, 2004 1:24 PM > > Subject: No Thumbnails > > > > > Well after debugging some code I have come across more image problems > > > mainly to deal with uploading the images. The code is fairly long I'll > > > post > > > a sniplet of it and if anyone needs anymore I'll be happy to get more. > > > > > > I'm attempting to upload a image file while deleting another image file. > > > After the deleting and uploading the thumb nailing is next to take place > > > at > > > the current state of the application it's bombing out on the upload. > > > > > > <!--- 1 START ---> > > > <cfif errFlag eq 0> > > > > > > <cflock scope="Session" type="Exclusive" timeout="30" > > > throwontimeout="no"> > > > <cfset SESSION.errMessage = ""> > > > </cflock> > > > > > > <!--- FIRST DELETE THE SELECTED IMAGES ---> > > > <cfquery name="getItemImages" datasource="#DS#"> > > > SELECT itemImageID, itemImageURL > > > FROM tblItemImages > > > WHERE itemID = #URL.itemID# > > > </cfquery> > > > > > > <cfoutput query="getItemImages"> > > > > > > <!--- 2 START ---> > > > <cfif isDefined('FORM.chkDelete_#itemImageID#')> > > > <cffile > > > action="delete" > > > > > > file="#Request.RootSystemPath#zimages\uploadedItemImages\#itemImageURL#"> > > > > > > <cfquery name="deleteImageURL" datasource="#DS#"> > > > DELETE * > > > FROM tblItemImages > > > WHERE itemImageID = #itemImageID# > > > </cfquery> > > > </cfif> > > > <!--- 2 FINISH ---> > > > > > > </cfoutput> > > > > > > <!--- CREATE FILE UPLOAD THAT ONLY ACCEPTS JPGs AND GIFs AND THAT > > > IT IS SMALLER THAN 205000 BYTES (200KB)---> > > > > > > <!--- 2 START ---> > > > <cfif URL.imgNum neq 0> > > > > > > <!--- 3 START ---> > > > <cfif parameterExists(process)> > > > <cfloop from="1" to="#URL.imgNum#" index="i"> > > > <cftry> > > > > > > <!--- 4 START ---> > > > <cfif len(evaluate('attachment' & > > > i))> > > > <cffile > > > action="UPLOAD" > > > > > > filefield="attachment#i#" > > > > > > destination="#Request.RootSystemPath#zimages\uploadedItemImages\" > > > > > > > > > nameconflict="MAKEUNIQUE" > > > > > > accept="image/pjpeg, > > > image/jpeg, image/PJPEG, image/JPEG, image/pgif, image/gif, image/PGIF, > > > image/GIF, image/jpg"> > > > </cfif> > > > <!--- 4 FINISH ---> > > > > > > The Error: > > > > > > Syntax error or access violation: You have an error in your SQL syntax. > > > Check the manual that corresponds to your MySQL server version for the > > > right syntax to use near '* FROM tblItemImages WHERE itemImageID = > > > 6355' at lin > > > > > > The error occurred in > > > > C:\Inetpub\voremarketing\admin\inventory\updateInventory\updateInventory_Images_action.cfm: > > > line 81 > > > > > > Line 78-82 > > > > > > <cfquery name="deleteImageURL" datasource="#DS#"> > > > DELETE * > > > FROM tblItemImages > > > WHERE itemImageID = #itemImageID# > > > </cfquery> > > > > > > I'm baffled by the error itemImageID 6355 is in the database and exists. > > > > > > > > > > > > > > > > > > > > > Web Your Business Inc., - located in Loveland, Colorado; serving the > > > World! > > > http://www.webyourbusiness.com/ - & - http://www.aaabusinesshosting.com/ > > > Phone: 970-593-6260 - Fax: 970-593-6267 - Toll Free: 1-877-416-8655 > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:188486 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
