I've been pulling my hair out trying to figure this out. The app has been
displaying notifications when it shouldn't, and I couldn't spot why.
Basically, ecommerce app selling unique/limited items. Before committing
the order, I run a check to see if the item has been sold or is
otherwise unavailable. If it has been and the quantity in the cart needs to
be adjusted, I store what has changed and display it to the user.
This is the call to the query:
<cfmodule
    fuseaction="qry.qry_cartadjustmentsget"
    qryname="qry_cartadjustmentsget"
    personkey="#client.userid#"
    template="#fusebox.rootpath##modself#"
    cfid="#cfid#" cftoken="#cftoken#">
Notice that I am passing personkey and NOT personkeylist. Spotted that and
thought I found the problem.
So here's the query:
<cfparam name="attributes.personKeyList" default="" type="string">
<cfparam name="attributes.cfuserid" default="" type="string">
<cfparam name="attributes.orderInfoBufferKeyList" default="" type="string">
<cfparam name="attributes.qryName" default="qry_orderInfoBufferGet">

<cfif not len("attributes.cfUserID") and not len("attributes.personKeyList")>
    <cfabort showerror="zero length for both attributes.cfUserID and attributes.personKeyList">
</cfif>

<cfquery name="qry_cartAdjustmentsGet" datasource="#request.dataSource#">
    SELECT *
    FROM #request.sqlObjectPrefix#tblCartAdjustments
    WHERE 1 = 1
    <cfif len(attributes.orderInfoBufferKeyList)>
        AND tablePK IN (<cfqueryparam value="#attributes.orderInfoBufferKeyList#"
                                      cfsqltype="CF_SQL_INTEGER" list="Yes">)
    </cfif>
    <cfif len(attributes.personKeyList)>
        AND tblPeopleFK IN (<cfqueryparam value="#attributes.personKeyList#"
                                          cfsqltype="CF_SQL_INTEGER" list="Yes">)
    </cfif>
    <cfif len(attributes.cfuserid)>
        AND cfuserid = <cfqueryparam value="#attributes.cfuserid#"
                                     cfsqltype="CF_SQL_VARCHAR">
    </cfif>
</cfquery>
<cfset "caller.#attributes.qryName#" = qry_cartAdjustmentsGet>
So neither of the required parameters is passed, but the query still runs,
returning all records in the table.
Here's the debug info:
SELECT * FROM rhkProd_tblCartAdjustments WHERE 1 = 1
How is this happening?
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331434
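As an added example that is not from the original post or the application it describes, here is the same guard and query with the quoting corrected so that len() measures the variables rather than their names; with that fixed, the module fails closed whenever neither user-scoping attribute arrives, instead of returning every user's rows. All tag names, attribute names and table names are taken from the posted code.

```cfml
<!--- Added example: fail-closed variant of the posted qry_cartAdjustmentsGet. --->
<cfparam name="attributes.personKeyList" default="" type="string">
<cfparam name="attributes.cfuserid" default="" type="string">
<cfparam name="attributes.orderInfoBufferKeyList" default="" type="string">
<cfparam name="attributes.qryName" default="qry_orderInfoBufferGet">

<!--- Why the posted guard never fired: "attributes.cfUserID" in quotes is a
      19-character string literal, so len("attributes.cfUserID") is 19 even
      when the variable attributes.cfUserID is empty and len(attributes.cfUserID)
      is 0. Both tests were therefore always true, and the cfabort was dead code. --->

<!--- Unquoted: len() now sees the attribute values. A caller that passes
      personkey instead of personkeylist (as the posted cfmodule does) now hits
      this abort loudly rather than silently querying the whole table. --->
<cfif not len(attributes.cfUserID) and not len(attributes.personKeyList)>
    <cfabort showerror="zero length for both attributes.cfUserID and attributes.personKeyList">
</cfif>

<!--- Same query as posted; every predicate is still bound with cfqueryparam.
      Because of the guard above, at least one of the two user-scoping
      predicates is guaranteed to be appended to WHERE 1 = 1. --->
<cfquery name="qry_cartAdjustmentsGet" datasource="#request.dataSource#">
    SELECT *
    FROM #request.sqlObjectPrefix#tblCartAdjustments
    WHERE 1 = 1
    <cfif len(attributes.orderInfoBufferKeyList)>
        AND tablePK IN (<cfqueryparam value="#attributes.orderInfoBufferKeyList#"
                                      cfsqltype="CF_SQL_INTEGER" list="Yes">)
    </cfif>
    <cfif len(attributes.personKeyList)>
        AND tblPeopleFK IN (<cfqueryparam value="#attributes.personKeyList#"
                                          cfsqltype="CF_SQL_INTEGER" list="Yes">)
    </cfif>
    <cfif len(attributes.cfuserid)>
        AND cfuserid = <cfqueryparam value="#attributes.cfuserid#"
                                     cfsqltype="CF_SQL_VARCHAR">
    </cfif>
</cfquery>
<cfset "caller.#attributes.qryName#" = qry_cartAdjustmentsGet>
```

A quick way to confirm the fix in debug output is to call the module with no personkeylist and no cfuserid: the corrected version should abort, and the logged SQL should never again read only `WHERE 1 = 1`.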