Ray wrote:
As someone who used to always pounce on folks for using evaluate, I believe
I remember reading recently a blog entry from an Adobian that points out
that evaluate is not nearly as slow as it used to be. Now when I recommend
against Evaluate I do so on readability terms rather
SELECT *
FROM Contacts
WHERE Contacts.ContactType = 'Physician'
AND Contacts.#FORM.Field# = '#FORM[FORM.Field]#'
ORDER BY Contacts.LastName
And then throw in some cfqueryparams.
But what's more interesting is how to protect against SQL injection with
Contacts.#FORM.Field#! Is it a problem?
If
So FORM[FORM.FIELD] didn't work instead of Evaluate(FORM.#FORM.Field#)?
On Wed, Sep 10, 2008 at 11:03 PM, David Moore, Jr. wrote:
How then would you approach the following without Evaluate, because it was
the only way I could get it to work: (oh, let the fun begin, the shame. I
probably
You need to make sure form.field contains a valid column and kill the query
if it doesn't. Your use of evaluate is not the worst thing about this sample
query (ha).
Try this..
cfset colList = col1,col2,col3/
cfquery name=getPhysicianRecords datasource=#DSN#
SELECT *
FROM
Adrian Wrote:
SELECT * FROM Contacts WHERE Contacts.ContactType = 'Physician' AND
Contacts.#FORM.Field# = '#FORM[FORM.Field]#' ORDER BY Contacts.LastName
What is the [] for. How would they be used. I have never used them at all. What
is the protocal. Is that CF or SQL or... And then throw
Good question.
[] are CF constructs. These two are equivalent:
FORM.someVar = 101
and
FORM[someVar] = 101
You'd use the latter for dynamic variable names:
FORM[someVar i]
Deffo use cfqps, have a look back in the cf-talk archives to see a bunch of
trouble caused by the lack of them in SQL
David Moore, Jr. wrote:
What is the [] for. How would they be used.
That is called 'Array Notation'. All ColdFusion variables are now
structures AKA 'Associative Array' or 'Hash' or many other names. But
it means that you can dynamically reference the elements of complex
variables by using
While we are on the subject. I know I have asked this before But I still
haven't figured out a way to do this.
I have a bunch of CFC's loaded in memory that I want to call based on the
The table name. Is there a way to avoid using evaluate in cases like this:
cfset MyServiceObj =
David,
Everything in CF (starting with CFMX and partially before that) is an
object that has a parent.
For example, if I do the following:
cfset x = 10/
I have created a member of the variables scope (variables is the
object and x is the member).
So I could do the following with x:
Gerald Guido wrote:
cfset MyServiceObj = evaluate(Application.#arguments.MyTable#Service)/
cfset mystring = MyServiceObj.save#arguments.MyTable#(myBeanObj) /
cfreturn evaluate(mystring) /
Many TIA
Well I think the first line could be...
cfset MyServiceObe = Application[arguments.MyTable
A little correction:
cfoutput#variables[x]#/cfoutput
should be:
cfoutput#variables[x]#/cfoutput
Adrian
-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: 10 September 2008 16:19
To: CF-Talk
Subject: RE: How NOT to Evaluate (moved from cfset so not to confuse
topic)
Try...
cfset myService = APPLICATION[ARGUMENTS.myTable Service]
This would be nice:
cfset myService[save ARGUMENTS.myTable](myBeanObj)
But instead you have to do:
cfinvoke component=#myService# method=save#ARGUMENTS.myTable#
returnvariable=aVarIfYouWantOne
cfinvokeargument
Adrian Lynch wrote:
A little correction:
cfoutput#variables[x]#/cfoutput
should be:
cfoutput#variables[x]#/cfoutput
Adrian
OR
cfset x = x
cfoutput#variable[x]#/cfoutput
:)
But yea, what does that really gain for you.
Oh and you might also try this:
cfset theMethodIWantToRun = myService[save#ARGUMENTS.myTable#]
cfset theMethodIWantToRun(myBeanObj)
I have a feeling this doesn't work as I remember doing something like this
in the past and then went back to using cfinvoke.
Adrian
-Original Message-
Right... And doh!
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Adrian Lynch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2008 10:27 AM
To: CF-Talk
Subject: RE: How NOT to Evaluate (moved
Thanx Adrian and Ian. That worked. First try even..That was the secret
handshake I was looking for.
~G~
On Wed, Sep 10, 2008 at 11:25 AM, Ian Skinner [EMAIL PROTECTED] wrote:
Gerald Guido wrote:
cfset MyServiceObj =
evaluate(Application.#arguments.MyTable#Service)/
cfset mystring =
A bit off topic - but a warning. I seem to remember a bug with
cfqueryparam and array syntax on structs. Ie
cfqueryparam value=#form[key]#
If I remember right, a single quote would end up throwing an error. I
seem to remember this in 7.0.0, and it was probably fixed in an
updater.
I'm just
You people are just scary smart. At least I have my good looks to fall back on
:) (I wish)...
~David
_
See how Windows connects the people, information, and fun that are part of your
life.
There is an order of precedence (which I don't remember offhand) that CF
looks at when a variable isn't scoped. It goes down the list until it finds
a variable with a value.
Mark...I do have a question, with your cfoutput statements below...are you
saying that those three would output the same?
lol
Shouldn't that be:
cfset x = x
cfoutput#variable[variable.x]#/cfoutput
/lol
-Original Message-
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2008 11:37 AM
To: CF-Talk
Subject: Re: How NOT to Evaluate (moved from cfset so not to
Well, if you'll were trying to make it clearer - it's darker than pitch now.
Smart - but confusing. Seriously. I'm, lost again.
Let's just do this one:
cfoutput query=getPhysicianSubTypes startrow=#Evaluate(start)#
maxrows=#Evaluate(end)#
and this one, which is from a tag I got of Adobe 2
Ok... Thanx All. Now this one is kicking my butt.
cfset mystring = MyServiceObj.delete#arguments.MyTable#(#arguments.MyPK#
= myBeanObj.get#arguments.MyPK#()) /
cfreturn evaluate(mystring) /
Using tblUsers it would render this
cfset MyServiceObj.deleteTableUsers (UserID =
If it's the arguments that's causing trouble, try this:
[Do the cfinvoke thing here to get the user ID]
cfset args = StructNew()
cfset args[arguments.MyPK] = userID
Then pass that structure into the method:
cfset MyServiceObj.deleteTableUsers(argumentCollection = args)
Adrian
-Original
What's wrong with cfinvoke? Any reason you don't want to use that?
On Wed, Sep 10, 2008 at 11:29 AM, Gerald Guido [EMAIL PROTECTED] wrote:
Ok... Thanx All. Now this one is kicking my butt.
cfset mystring = MyServiceObj.delete#arguments.MyTable#(#arguments.MyPK#
=
What's wrong with cfinvoke? Any reason you don't want to use that?
No good reason... other than I want to have it all be in CFscript when I am
done. More of a personal confronting my demons and pushing my limits
thing than anything else. Kinda like your code contests. Sorry if this is
using too
Untested but should work:
cfquery name=getPhysicianRecords datasource=#DSN#
SELECT * FROM Contacts
WHERE Contacts.ContactType = 'Physician'
cfif Len(form.field) AND StructKeyExists(form,form.field)
AND Contacts.#FORM.Field# = '#Trim(form[form.field])#'
cfelse
1 = 0
/cfelse
ORDER BY
Judah wrote: Untested but should work: cfquery name=getPhysicianRecords
datasource=#DSN# SELECT * FROM Contacts WHERE Contacts.ContactType =
'Physician' cfif Len(form.field) AND StructKeyExists(form,form.field) AND
Contacts.#FORM.Field# = '#Trim(form[form.field])#' cfelse 1 = 0 /cfelse
ORDER
cfinvoke component=#myService#
method=save#ARGUMENTS.myTable#
returnvariable=aVarIfYouWantOne
cfinvokeargument name=myBeanObj value=#myBeanObj#
/cfinvoke
I found on one of Ben Nadel's blog recently that you can (at least with
CF8 and the latest updater) use 1 as the name of the argument.
Showing my ignorance again, but it is already showing so why not.
What does the 1 = 0 do?
Evaluates to false and returns no records in the query.
--
s. isaac dealey ^ new epoch
isn't it time for a change?
ph: 781.769.0723
http://onTap.riaforge.org/blog
Ah, sorry, didn't explain fully. I did a StructKeyExists and a Len to make
sure that the field you are going to evaluate really exists in the form. If
it doesn't, you don't want your cfquery to throw a gnarly error (most
likely) so if the assertion is false, the WHERE clause becomes WHERE 1 = 0
Now I am having one of those v8Aha!/v8 moments.
Thank you...
~David
Judah wrote: Ah, sorry, didn't explain fully. I did a StructKeyExists and a
Len to make sure that the field you are going to evaluate really exists in the
form. If it doesn't, you don't want your cfquery to throw a
Eric,
Yes.. (and sorry for the delay in answering)... You are correct... It was a
typo. It should have read cfoutput#variables[x]#/cfoutput ... My bad
:)
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From:
32 matches
Mail list logo
