thx for the form info,

on a side note: became very aware of the value of cfqueryparam last year
during the Chinese et al. SQL injection attacks

--
Ryan LeTulle


On Tue, Jun 9, 2009 at 8:17 PM, Gabriel <[email protected]> wrote:

>
> Ryan,
>
> You can use #form['string'&var]# anywhere, including "form['string'&var] =
> x".
>
> CfQueryParam is a separate issue relating purely to Will's SQL and its
> vulnerability to SQL injection attack.
>
> Cheers,
> Gabriel
>
> -----Original Message-----
> From: Ryan Letulle [mailto:[email protected]]
> Sent: Wednesday, 10 June 2009 11:11 AM
> To: cf-talk
> Subject: Re: CFLOOP inside a CFQuery
>
>
> @gabriel does the cfqueryparam matter or can you just use #form['type'&idx]#
> in any way?
> --
> Ryan LeTulle
>
>
> On Tue, Jun 9, 2009 at 7:58 PM, Gabriel <[email protected]> wrote:
>
> >
> > You don't need evaluate for dynamically created form variables, in
> > almost all cases the struct syntax #form['type'&idx]# will suffice and
> > is more efficient. For this particular scenario, evaluate is an
> > unnecessary overhead and should be avoided.
> >
> > <cfquery datasource="#request.datasource#">
> >        <cfloop from="1" to="#rows#" index="idx">
> >                INSERT INTO tbl_ballotOrder (
> >                        type,
> >                        number,
> >                        issue
> >                ) VALUES (
> >                        <cfqueryparam value="#form['type'&idx]#" cfsqltype="cf_sql_varchar" />,
> >                        <cfqueryparam value="#form['number'&idx]#" cfsqltype="cf_sql_integer" />,
> >                        <cfqueryparam value="#form['issue'&idx]#" cfsqltype="cf_sql_varchar" />
> >                )
> >        </cfloop>
> >
> > </cfquery>
> >
> > May I also point out the use of CFQUERYPARAM. It's basic principles;
> > unless you've got a *very* fine reason not to, always use cfqueryparam.
> > Protect yourself from SQL injection attacks, make your life easier.
> >
> > No offence intended, but Will I urge you to ignore the 'evaluate'
> > based advice.
> >
> > Cheers,
> > Gabriel
> >
> > -----Original Message-----
> > From: Ryan Letulle [mailto:[email protected]]
> > Sent: Wednesday, 10 June 2009 10:25 AM
> > To: cf-talk
> > Subject: Re: CFLOOP inside a CFQuery
> >
> >
> > I agree with NK pay attention to the evaluate function.  It works like
> > a charm for dynamically created form variables.  I use it often. :)
> > --
> > Ryan LeTulle
> >
> >
> > On Tue, Jun 9, 2009 at 6:30 PM, N K <[email protected]> wrote:
> >
> > >
> > > Check the following link might help...
> > > http://tutorial431.easycfm.com/
> > >
> > >
> > > > Hello all,
> > >
> > > > > I have a dynamically generated form that I need to figure out how
> > > > > to get the data from that form into our database. Here is the way
> > > > > it works.  First the client types in the number of machines they
> > > > > have and the form generates the correct number of rows so that the
> > > > > info about each machine is located on a separate row. That all
> > > > > works well until they hit submit (or will hit submit if I figure
> > > > > out the next part).
> > > > > How do I create a cfquery that has the correct number of values so
> > > > > that each machine's data is stored correctly?
> > > >
> > > > > For example I will have row one with let's say three fields (Type,
> > > > > number, issue).  Let's say a client has a problem with 10 machines.
> > > > > The form now has 10 rows with 3 columns in each.  Each field in
> > > > > row one is named type1, number1, issue1 and row two is type2,
> > > > > number2, issue2, etc..  The number next to the name is placed
> > > > > there by putting the index of the loop in the name field.  So this
> > > > > is where I was going to use a CFLOOP inside a CFquery to create
> > > > > field names dynamically.  I can get it to repeat the information
> > > > > correctly, however the problem is the index of the loop does not
> > > > > seem to get attached to the form value I am putting into the
> > > > > database.
> > > >
> > > > I am doing something like:
> > > >
> > > > <cfquery datasource="#request.datasource#">
> > > > INSERT into tbl_ballotOrder (type, number, issue) Values ( <cfloop
> > > > from="1" to="#rows#" step="1" index="LoopCount">
> > > >
> > > > > '#FORM.type##LoopCount#', '#FORM.number##LoopCount#',
> > > > > '#FORM.issue##LoopCount#'
> > > >
> > > > </cfloop>
> > > > )
> > > > </cfquery>
> > > > </cfif>
> 
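
The parameterized loop from this thread with the input checks a form handler of this kind needs, as an added example that is not code from any poster in the thread. It assumes the row count is submitted as `form.rows`, and the 50-row cap, the `BallotOrder.InvalidInput` error type and the column lengths are hypothetical values chosen for illustration.

```cfml
<!--- Added example. Assumptions (not from the thread): the row count is
      submitted as form.rows, at most 50 rows, column lengths 50 and 255. --->
<cfparam name="form.rows" default="0">
<cfset maxRows = 50>

<!--- The row count is client-supplied, so validate it before using it as a loop bound. --->
<cfif NOT reFind("^[0-9]{1,3}$", form.rows) OR form.rows LT 1 OR form.rows GT maxRows>
    <cfthrow type="BallotOrder.InvalidInput" message="Invalid row count.">
</cfif>

<!--- Check every expected field first so a bad submission writes nothing. --->
<cfloop from="1" to="#form.rows#" index="idx">
    <cfloop list="type,number,issue" index="fieldName">
        <cfif NOT structKeyExists(form, fieldName & idx)>
            <cfthrow type="BallotOrder.InvalidInput" message="Missing field #fieldName & idx#.">
        </cfif>
    </cfloop>
    <!--- Reject non-numeric input here instead of letting the driver raise an error mid-batch. --->
    <cfif NOT reFind("^-?[0-9]{1,9}$", form["number" & idx])>
        <cfthrow type="BallotOrder.InvalidInput" message="Field number#idx# must be an integer.">
    </cfif>
</cfloop>

<!--- One parameterized INSERT per row; the transaction makes the batch all-or-nothing. --->
<cftransaction>
    <cfloop from="1" to="#form.rows#" index="idx">
        <cfquery datasource="#request.datasource#">
            INSERT INTO tbl_ballotOrder (type, number, issue)
            VALUES (
                <cfqueryparam value="#form['type' & idx]#" cfsqltype="cf_sql_varchar" maxlength="50">,
                <cfqueryparam value="#form['number' & idx]#" cfsqltype="cf_sql_integer">,
                <cfqueryparam value="#form['issue' & idx]#" cfsqltype="cf_sql_varchar" maxlength="255">
            )
        </cfquery>
    </cfloop>
</cftransaction>
```

Running one `cfquery` per row avoids depending on the driver accepting several statements in a single query, and the struct lookups never pass form input through `evaluate`.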

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323309