Basically, the cfset sqlToRun = ... / is kind of redundant and
negates the benefit of the cfquery tag. Put all you SQL inside the
cfquery tag. cfqueryparam is only valid within cfquery tags.
Dominic
2009/6/28 Jason Slack applesl...@gmail.com:
CF 8.01 OS X.
I have:
cfset sqlToRun = INSERT
I am using CF8 and I have a query object (with 1 record) called 'role' with the
following 4 column names: groups, positions, role and teams.
I wish to work around a problem by inserting a value ('homeCla') to the
'positions' column/cell.
Using cfset Temp = QuerySetCell(role, 'positions',
Could you show more of your code. This works for me.
Oh and you don't need to assign to a temp var when using QuerySetCell.
Adrian
-Original Message-
From: Kamru Miah [mailto:k.m...@csl.gov.uk]
Sent: 30 June 2009 11:43
To: cf-talk
Subject: query object error
I am using CF8
I just realised that the 'role' query form a include file is
returntype=struct, and not returntype=query - dah!
So now the question is, how do I insert a value to the 'positions' cell of the
structure, please?
Could you show more of your code. This works for me.
Oh and you don't need to
cfset role.positions = your value
-Original Message-
From: Kamru Miah [mailto:k.m...@csl.gov.uk]
Sent: 30 June 2009 12:08
To: cf-talk
Subject: Re: query object error
I just realised that the 'role' query form a include file is
returntype=struct, and not returntype=query -
Thanks - problem solved (and simpler than StuctUpdate, too!) :-)
cfset role.positions = your value
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
As Dominic said, putting the entire sql statement in as a variable in
ColdFusion isn't necessary. Many languages like php that sort of thing is
necessary but in ColdFusion, as Dominic said, it's just redundant.
However, just for future knowledge sake, the reason your receiving this
error is
it's not good practice in ColdFusion to do this.
I don't agree with that : sometimes you have to do multiple updates, inserts or
else at the same time, depending on your process and some conditions; instead
of doing multiple cfquery (and thus multiple db connections), it is sometimes
cool
As Dominic said, putting the entire sql statement in as a variable in
ColdFusion isn't necessary.
Please, there IS a very good reason one would put an SQL statement in a
variable:
when using some tool to generate build queries for instance.
I have many examples in my own CMS, like a report
And with preserveSingleQuotes() you have to hope you're better at
cleaning input than hackers are at writing SQL injection. And yes, we
all know you're totally awesome at it; this response is for others
who'd rather not make that bet.
mxAjax / CFAjax docs and other useful articles:
Hmm.. yeah I can see your point. There are instances where it would be ok to
feed in an entire sql statement through cf variables. I think my point was
just that this shouldn't be a regular practice as it's unnecessary. It also
makes editing the sql statement more difficult and it's more bulky
And with preserveSingleQuotes() you have to hope you're better at
cleaning input than hackers are at writing SQL injection.
When I'm talking about a CMS, I'm talking about some tool some customers
have paid for
and that is only accessible by approved users with authentication.
Now if they want
Hi, folks.
I'm retrieving an XML packet from an API that uses the XML-RPC standard
(http://www.xmlrpc.com/spec).
When I connect to the Login method of this API, I need to pull the session ID
out of the packet. I can do that long-hand with this:
cfset local.loginResponseSID =
There's no reason you need a variable to do multiple updates in a
single query statement. You can still put the SQL inside the query
tags and, as you say, separate the statements with a semi-colon.
Scott
On Tue, Jun 30, 2009 at 6:55 AM, Stephane Vantroyens...@emakina.com wrote:
I don't agree
Azadi Saryev wrote:
something like this?
http://cfsilence.com/blog/client/index.cfm/2007/8/21/Ajax-Paging-Through-Records-On-Scroll
Not quite, that was mostly about the front end view. I'm trying to
figure out the back end model.
What is going to be happening on the server to handle a
Yeah, I agree, and I think the fact that you couldn't sanitize your inputs
with cfqueryparam is a big reason to not do that.
If it were me, and I had either multiple queries that I wanted to be
executed at the same time or I had a custom tag or component that I needed
to feed in sql too, I would
When I'm talking about a CMS, I'm talking about some tool some customers
have paid for and that is only accessible by approved users with
authentication.
Now if they want to hack and sabotage their own application they have
paid for, it's their problem, and if it ever happens, they will pay
Sure, as long as the CMS has no XSS attack points...
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
2009/6/30 Claude Schneegans schneeg...@internetique.com:
And with preserveSingleQuotes() you have to hope you're better at
cleaning input than hackers are at
Internal security problems are far more common than external ones.
Within a large organization, not all users may be trustworthy.
C'mon, if they are users and they have access to the system, if they go
crazy,
do they really need SQL injection to harm the system ?
They can simply delete all
With SQL injection they can delete what they don't have access to.
With XSS they can do that while making it look like someone else did
it.
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
2009/6/30 Claude Schneegans schneeg...@internetique.com:
Internal
With XSS they can do that while making it look like someone else did it.
Probably, but my clients barely know the difference between a computer
and a toaster,
and I spend more of my time explaining them that in order to press
Ctrl, they must find a key
on their keyboard with the letters Ctrl
On Friday 26 Jun 2009, Paul Alkema wrote:
I would just set your variables in the application variables scope instead
of the server variable scope. Or you could set a request variable on the
application.cfm page and just call that every time you need it.
Or store the common settings in a
On Friday 26 Jun 2009, Rick Mason wrote:
8.00 and works fine with IE in 8.01. I've already tried stripping out
anything extra and broke it down to a simple form, but still can't get it
working in production using Firefox.
What gets sent by the form ? GET or POST ? To where ? Can you sniff
Maybe that's what your customers are like, but trust me there are many, many
hackers out their just waiting to find a website to do xss attacks or sql
injection attacks.
Your customers may not be computer savvy, but try explaining to them that
their database got deleted because you weren't
If you don't take security in mind when writing
applications it's just a matter of time before
something bad happens.
I can't tell you how many times I've been contacted by people who have had
their site broken and need an emergency fix. I've made quite a bit of money
fixing other people's
Also, you talk about this like your speaking of only internal
applications
or applications that could never go on a production environment.
Indeed, we were talking about building SQL queries in a variable inside
a Content management system.
Of course, for parts of the site exposed to public,
On Mon, Jun 29, 2009 at 9:33 PM, Arsalan Tariq
Keenarsalk...@hotmail.com wrote:
Well people :)
it is suppose to be an outsourced warehouse where we keep our
products/equipment no e-commerce required :)
I guess I should check ms-access/excel templates for ideas :)
People are trying to
C'mon, if they are users and they have access to the system, if they go
crazy,
do they really need SQL injection to harm the system ?
They can simply delete all what they have access to, they can replace
content by porn, whatever.
Will CFQURYPARAM protect your application against that ?
Anyone know the pros and cons of setting up a db connection as described below?
I could not find the info with Google.
I am setting up a website that will have three separate MySql databases. Db1 is
used in the public area, db2 is used in the value added area (a visitor is
required to obtain
Fixed some syntax errors.
Anyone know the pros and cons of setting up a db connection as
described below? I could not find the info with Google.
I am setting up a website that will have three separate MySql
databases. Db1 is used in the public area, db2 is used in the value
added area
I am setting up a website that will have three separate MySql databases. Db1
is used
in the public area, db2 is used in the value added area (a visitor is
required to obtain a
username and password), and db3 is where the staff maintain the website. From
a
security standpoint, does it
Hello.
I was asked to help build a coldfusion website for a non-profit sport
organization to help speed up the process of online applications, schedules,
etc.
Does anybody know of a good website free or paid that has CF software for a
sport organizer.
Thanks,
Barry
Hi Barry,
You could try http://www.cfm-resources.com/index.cfm?signupType=business. I
honestly don't know how reliable they are though. I haven't tried them but
I've ran across them a couple of times. I think they force adds on your site
which can be annoying.
If I were you, I had a low budget
Why would you recommend that he go to a PHP hosting company? He is looking
for a ColdFusion based solution?
Thank You
Dan Vega
danv...@gmail.com
http://www.danvega.org/
On Tue, Jun 30, 2009 at 3:54 PM, Paul Alkema paulalkemadesi...@gmail.comwrote:
Hi Barry,
You could try
I've been stuck on this for a while and haven't made much progress so I'm
hoping someone can tell me what I'm missing.
I'm using the Ebay API and trying to use make the following method call,
here is the XML from the API:
?xml version=1.0 encoding=utf-8?
SetStoreCategoriesRequest
I am using some code I got from this web site (not sure who the author is) to
tap into FedEx's rate API.
http://cfsearching.blogspot.com/2007/12/how-heck-do-you-use-fedex-rate-web.html
If I try to put a CF variable in the second line below it errors out. If I put
a 1 or 2 in there
Unable to find a constructor for class org.apache.axis.types.
NonNegativeInteger that accepts parameters of type ( java.lang.Integer
).
NonNegativeInteger is expecting a string (ie java.lang.String). Apparently
listLen(..) returns a java.lang.Integer:
cfoutput
ListLen() object type =
DOH... needed JavaCast().
Nevermind.
-Original Message-
From: Chad Gray [mailto:cg...@careyweb.com]
Sent: Tuesday, June 30, 2009 4:40 PM
To: cf-talk
Subject: fedex rates
I am using some code I got from this web site (not sure who the author is)
to tap into FedEx's rate
hi guys, we have just redone an existing asp site using coldfusion (so much
nicer!!).
question: how do we redirect someone using a google link to the old asp page.
we are putting most of them into a remove request with google but would like to
address any strays.
i thought something like the
hi guys, we have just redone an existing asp site using coldfusion (so much
nicer!!).
question: how do we redirect someone using a google link to the old asp page.
we are putting most of them into a remove request with google but would like
to address any strays.
i thought something
Set IIS to use a custom error page for 404 errors... make that a
coldfusion page that grabs the cgi variables, determines what page
they want and send them to it that way?
We converted from asp to cfml a few years back, kept the same
database, so I grabbed the query string and switched it
Barry I'm not allowed to offer you free hosting or my Chairman of
Finance will start feeding me ground glass in my dinner, but I can
talk about pretty low fee for you. ColdFusion 8, plus plenty of
disk space, bandwidth, uptime, SQLServer etc etc.
If you have a budget at all and aren't limited
you do not even need to have any function. you can just use:
a href=javascript:void(0); onclick=...
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/
On 29/06/2009 03:15, David McGuigan wrote:
a href= javascript: functionThatExistsButReturnsFalse( ); onclick= etc(
); etc/a
So,
43 matches
Mail list logo