Something like this maybe?
<cfscript>
dataObject[1][1] = "myField"; // field name
dataObject[1][2] = "myValue"; // value
dataObject[1][3] = "myDataType" // data type
</cfscript>
<cfloop from="1" to="#arrayLen(dataObject)#" index="i">
and #dataObject[i][1]# = <cfqueryparam value="#dataObject[i][2]"
cfsqltype="#dataObject[i][3]">
</cfloop>
Thats off the dome so it could be wrong some.
Mary Jo Sminkey wrote:
>> Anyone have a good way of doing this and keep safe from SQL injection?
>
> Do you have any information at all about the field types/columns being
> included? There are certainly ways to handle this if you just have something
> like a string of words you want to search on or known phrases, such that you
> can split them out into cfqueryparams. If it's just a random where clause,
> that would be a lot more challenging, if not impossible, to make hacker-safe.
>
> --- Mary Jo
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;192386516;25150098;k
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305286
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
