Bill Rawlinson wrote:
>personally, because I hate typing all those getAttributeX() calls I
>do one getMemento call then just reference the struct variables in the
>query.
>
>
I do something very similar to what Bill does. I pass in a LTO
(lightweight transfer object) which is essentially an encapsulated
structure.
An LTO would look something like:
<cfcomponent
displayname="testBeanTO"
output="false"
hint="A LTO which models the testBean form.">
<cffunction name="init" access="public"
returntype="com.maestropublishing.testTO" output="false">
<cfargument name="color" type="string" required="false"
default="" />
<cfargument name="product_line" type="string" required="false"
default="brightColor" />
<cfargument name="amount" type="numeric" required="false"
default="0" />
<cfargument name="date_created" type="string" required="false"
default="#dateConvert('local2UTC',now())#" />
<cfscript>
this.color = arguments.color;
this.product_line = arguments.product_line;
this.amount = arguments.amount;
this.date_created = arguments.date_created;
return this;
</cfscript>
</cffunction>
</cfcomponent>
><cfset var details = arguments.contactDetails.getMemento() />
>
><cfquery name="updateContactDetails" datasource="#variables.DSN#">
> UPDATE tbl_EBR_Institution
> SET Institution_Address1 = '#details.address1#',
> Institution_Address2 = '#details.address2#',
> Institution_Address3 = '#details.address3#',
> Institution_Address4 = '#details.address4#',
> Institution_PostCode = '#details.postcode#',
> Name_of_head = '#details.headName#',
> TelNo_of_head = '#details.headTelNo#',
> FaxNo_of_head = '#details.headFaxNo#',
> Email_of_head = '#details.headEmail#'
> WHERE DRB_Number = '#details.DRBNumber#'
> </cfquery>
>
>
I would do something like:
<cffunction name="create" .... >
<cfargument name="testBeanTO" type="testBeanTO" required="true" />
<cfset var qryCreate = "" />
<cfquery name="qryCreate" ...>
INSERT INTO someTbl SET (
color
...
)
VALUES (
<cfqueryparam value="#arguments.testBeanTO.color#" ... />
...
);
</cfquery>
code to get auto increment number etc.
</cffunction>
>I would also update that query to use <cfqueryparam .. like so:
>
><cfquery name="updateContactDetails" datasource="#variables.DSN#">
> UPDATE tbl_EBR_Institution
> SET Institution_Address1 = <cfqueryparam
>cfsqltype="cf_sql_varchar" value="#details.address1#" />,
> ...
> WHERE DRB_Number = <cfqueryparam
>cfsqltype="cf_sql_varchar" value="#details.DRBNumber#" />
></cfquery>
>
>
>using the cfqueryparam will help with both performance and,
>supposedly, sql injection attacks.
>
>Bill
>
>
Yea, using cfqueryparam turns your SQL into a prepared statement - in
which the values are replaced by ? and your DB replaces those ? with the
list of values that CF sends. This saves your DB from compiling a query
execution plan everytime you call a statement.
--
Peter J. Farrell :: Maestro Publishing
http://blog.maestropublishing.com
Rooibos Generator - New Version! - Version 2.1
Create boilerplate beans and transfer objects for ColdFusion!
http://rooibos.maestropublishing.com/
Member Team Mach-II - It's coming...
----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to
[email protected] with the words 'unsubscribe cfcdev' as the subject of the
email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting
(www.cfxhosting.com).
CFCDev is supported by New Atlanta, makers of BlueDragon
http://www.newatlanta.com/products/bluedragon/index.cfm
An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]
