ee
> ampersands;
>
>
>
> and stored it in the DB. When I pull it back out of my DB, I reverse the
> Replace() call.
>
> Works like a champ.
>
>> -Original Message-
>> From: Michael Ross [mailto:[EMAIL PROTECTED]]
>> Sent: Friday, February 14, 2003 10:02
http://www.showstopperonline.com
-Original Message-
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 12:31 PM
To: CF-Talk
Subject: RE: Get Actual Query Run
Let's say you are building a query from user input. Let's say
(completely
ridiculous I know) that
ious condition. It's
important to scrub the string of keywords and other potentially damaging
stuff BEFORE you replace the single quotes and store the data.
Another thing to note is that passing integers directly into a query is even
more dangerous. An injection attacker doesn't have to fut
I'm kind of doing this with a project... in a process, I have a query that
is VERY varied, depending on various factors, so there's lots of ifs,
switch/cases, etc. that determine the query in the end.
What I do is (like some others have mentioned) build up a string variable
with the query code.
-1847
http://www.showstopperonline.com
-Original Message-
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 11:22 AM
To: CF-Talk
Subject: RE: Get Actual Query Run
Michael,
If you do this in production mode for some reason watch out. You will
be
for
believe.
-Mark
-Original Message-
From: Matthew Small [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 10:11 AM
To: CF-Talk
Subject: RE: Get Actual Query Run
So write the code that is in your cfquery into a file:
select * from table where id = #id#
I think you can get the
>I have a question. I have a query that is built depending on many things,
>the where statement, order by, actual columns asked for that kinda
>thing. I want to save what the actual sql text is that ran that query.
> Like what you can see in the debugging code. Does this make sense? Any
You could also put it between CFSAVECONTENT tags if you want to save it to a
variable.
> -Original Message-
> From: charlie griefer [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 14, 2003 11:14 AM
> To: CF-Talk
> Subject: Re: Get Actual Query Run
>
>
> Is
Actual Query Run
I have a question. I have a query that is built depending on many things,
the where statement, order by, actual columns asked for that kinda
thing. I want to save what the actual sql text is that ran that query.
Like what you can see in the debugging code. Does this make
-Original Message-
From: Michael Ross [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 11:02 AM
To: CF-Talk
Subject: Get Actual Query Run
I have a question. I have a query that is built depending on many
things, the where statement, order by, actual columns asked for that
Also if you wanted a TXT file or something, sure, just a
variable to hold the lines of SQL then write the variable
to a file using CFFILE
>>> [EMAIL PROTECTED] 02/14/03 11:02AM >>>
I have a question. I have a query that is built depending on many
things, the where statement, order by, actual col
Is it just that you want to see the actual SQL code that was passed to the
database?
Just take the code between your tags and pop it into
tags.
?
charlie
Michael Ross writes:
> I have a question. I have a query that is built depending on many things, the where
>statement, order by,
if you have debugging turned on with the options under Debugging
Options, you will see EVERY query that was executed, # of records, time
it took to process the query and more
>>> [EMAIL PROTECTED] 02/14/03 11:02AM >>>
I have a question. I have a query that is built depending on many
things, the
I have a question. I have a query that is built depending on many things, the where
statement, order by, actual columns asked for that kinda thing. I want to save
what the actual sql text is that ran that query. Like what you can see in the
debugging code. Does this make sense? Any help
14 matches
Mail list logo
