In an update query, to a tinyint field which allows nulls, I have the update
dbfield=#mydatefield#
If mydatefield has no value, sql is throwing an error. The field allows
nulls. I've never had to say if then NULL before. What the heck?
Robert Harrison
Full Stack Developer
AIMG
rharri
#
If mydatefield has no value, sql is throwing an error. The field allows
nulls. I've never had to say if then NULL before. What the heck?
Robert Harrison
Full Stack Developer
AIMG
rharri...@aimg.com
Main Office: 704-321-1234 ext.118
Direct Line: 516-302-4345
www.aimg.com
Dbfield=cfqueryparam value=#mydatefield# cfsqltype=CF_SQL_TINYINT
null=#not len(mydatefield)# /
Steve
-Original Message-
From: Robert Harrison [mailto:rharri...@aimg.com]
Sent: Friday, April 17, 2015 3:58 PM
To: cf-talk
Subject: SQL Server and Nulls
In an update query, to a tinyint
All our currently troubles began with the upgrade to CF11.
Under CF9 our application ran perfectly.
All kinds of strange errors GC out memory /
java.sql.SQLNonTransientConnectionException
Random down times. No pattern or common error that I have yet detected.
I have even considered the
Using information from a Ben Nadel atricle, jsStringFormat( htmlEditFormat())
seems to be catching insertions like b and escaping them.
However, I have tried a number of regex routines from
http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks
plus
-williams.com/blog
Twitter: http://www.twitter.com/austin_williams
-Original Message-
From: Stephens, Larry V [mailto:steph...@iu.edu]
Sent: Friday, August 15, 2014 1:51 PM
To: cf-talk
Subject: protection from sql attacks with regex++
Using information from a Ben Nadel atricle, jsStringFormat
to be catching insertions like b and escaping
them.
However, I have tried a number of regex routines from
http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks
plus another from a CF article that I can't place at the moment, to catch
statements like select
Doing that on everything.
-Original Message-
From: Robert Harrison [mailto:rob...@austin-williams.com]
Sent: Friday, August 15, 2014 1:54 PM
To: cf-talk
Subject: RE: protection from sql attacks with regex++
Uhm... cfqueryparam
Robert Harrison
Director of Interactive Services
Doing that on everything.
If you're parametrizing everything on the queries then what is the concern?
-Justin
~|
Order the Adobe Coldfusion Anthology now!
Dear,
Thanks for your replies. But still am facing issue.
@Paul,
Yes. I was using ODBC socket datasource to connect CF with SQL server
database. In that the connection was successful but Arabic didn't display
properly in CFM page.(In db the datatype is correctly used nvarchar and I
can see
and Unicode for data sources configured for non-Latin
characters. This solved the issue. Now am able to successfully connect CF9
with SQL server 2008 and Arabic text is displaying as well.
Your valuable time help is really appreciated.
Thanks,
Sathya.R
On Thu, Aug 7, 2014 at 10:34 AM
On 8/7/2014 1:34 PM, Sathyanarayanan Ramanathan wrote:
Yes. I was using ODBC socket datasource to connect CF with SQL server
well you can stop now.
Driver]Error establishing socket to host and port: 127.0.0.1:1433.
use real IP or server name instead of 127.0.0.1. if you're using
to insert Arabic text into my
ColdFusion application with SQL Server 2008 database.
*Issue 1: *Now I have existing SQL server 2008 db with Arabic text data in
some table columns. But when I try to fetch display using CF even after
adding charset in meta tag cfprocessingdirective as UTF-8 all Arabic
Last time, my suggestion was to make sure the Enable High ASCII
characters and Unicode for data sources configured for non-Latin
characters² setting was enabled on your CF datasource but that was before
I realized it was an oracle datasource. If you are using a SQL Server
datasource this time
are using a SQL Server
datasource this time, that setting should apply so make sure the setting
is enabled and try it again.
will only have effect on cfqueryparam.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com
On 8/6/2014 8:17 PM, Sathyanarayanan Ramanathan wrote:
*Issue 1: *Now I have existing SQL server 2008 db with Arabic text data in
some table columns. But when I try to fetch display using CF even after
adding charset in meta tag cfprocessingdirective as UTF-8 all Arabic text
appeared
:
*Issue 1: *Now I have existing SQL server 2008 db with Arabic text data
in
some table columns. But when I try to fetch display using CF even
after
adding charset in meta tag cfprocessingdirective as UTF-8 all Arabic
text
appeared as .
?? means your text data is garbaged from the db
On 8/7/2014 6:16 AM, Bobby wrote:
He said the arabic text was actually in the database but only ??? when
retrieving/displaying with CF. Wouldnt it be garbage IN the db if it wasnt
an nchar/nvarchar data type?
could be already garbaged as far as cf unicode go. in the bad old days (pre
Thanks everyone for the suggestions. I've tested the one at this link:
http://www.mssqltips.com/sqlservertip/1555/sql-server-find-and-replace-values-in-all-tables-and-all-text-columns/
and it works perfectly.
I mentioned previously that I was hoping to run it in CF, and that was
partially
/sqlservertip/1555/sql-server-find-and-replace-values-in-all-tables-and-all-text-columns/and
it works perfectly.
I mentioned previously that I was hoping to run it in CF, and that was
partially because some of the hosts don't like to give direct access to the
data bases on their servers
you could just used a stored procedure which will save it directly to the
database, and then execute it from CF
That never even crossed my mind. Good idea. Thanks.
Robert Harrison
Director of Interactive Services
Austin Williams
Advertising I Branding I Digital I Direct
125 Kennedy
Does anyone have an update program that can update a text string in all
tables/rows/columns of an MS SQL data base?
Need to do a global text string replace on several sites. Any help appreciated.
Thanks,
Robert Harrison
Director of Interactive Services
Austin Williams
Advertising I
you mean like this
http://www.mssqltips.com/sqlservertip/1555/sql-server-find-and-replace-values-in-all-tables-and-all-text-columns/
On Tue, Mar 4, 2014 at 1:55 PM, Robert Harrison
rob...@austin-williams.comwrote:
Does anyone have an update program that can update a text string in all
Take a look at the sys.tables and sys.columns tables in your SQL database.
You should be able to write a couple of cursors to loop over each and just
print out the SQL to run separately (or you can get fancy and generate the
SQL statement and run it via EXEC sp_executeSQL functions). I don't
Yes, I do mean like that, but I was really hoping someone had it already
written up in CF with a tested procedure they would be willing to share.
I was able to find several downloads for PHP, but nothing for CF.
Thanks
Robert Harrison
Director of Interactive Services
Austin Williams
Actually, that's the kind of operation that you'd not want to perform in CF
(or PHP or any other database client). Unless you truly need all that data
within a CF page for some other reason, you shouldn't be sending it all
back and forth between DBMS and CF.
--- Ben
(Sent from my newest Android
Actually, that's the kind of operation that you'd not want to perform in CF (or
PHP or any other database client). Unless you truly need all that data within a
CF page for some other reason, you shouldn't be sending it all back and forth
between DBMS and CF.
... I'm going to do this locally,
I agree with Ben...this is something that you should be running in SQL
Management Studio. ColdFusion is not meant to run this kind of stuff
(unless you set the timeout on your templates to 0). The code attached
below will loop over all of the user tables, and then loop over all of the
text
Thanks
I'm going to go down with a SQL user and not use the windows authentication.
It wasn't my choice to use more this is what I was given.
Thanks for your help
Sent from my iPhone
On 11 Feb 2014, at 22:50, Russ Michaels r...@michaels.me.uk wrote:
I would also point out that if you
Hi,
Im having difficulty in creating a datasource to SQL server that has windows
authentication setup.
When i create the datasource using the SA account it creates successfully, but
when i try and use the windows account i get an error:
'Login failed for user'\domain\username'
i have checked
Would you happen to be using MS SQL Express locally? You may need to
adjust your TCP/IP connection settings for SQL, as well as adjust the
systems firewall rules for access. The following post may assist some:
http://www.fusioncube.net/index.php/coldfusion-sql-server-express
Steve 'Cutter
best method is to use mixed mode and use an sql login from coldfusion dsn.
If you want to use a windows authentication then you need to run coldfusion
under a windows user with authentication on the sql server.
On Tue, Feb 11, 2014 at 8:43 PM, Anthony Doherty anthony...@gmail.comwrote:
Hi
Im having difficulty in creating a datasource to SQL server that has windows
authentication setup.
When i create the datasource using the SA account it creates successfully,
but when i try and use the windows
account i get an error:
'Login failed for user'\domain\username'
i have
I would also point out that if you are currently running CF as system, then
you obviously have not locked it down either, so you should consider doing
that.
You should also remember that if you run CF as a domain user who has access
to network resources and all the databases on your sql server
This may not be the right place to post this (man, CF-TALK has changed a lot
in the last 5 or so years ;)).
I have a simple SQL query that is showing up as running slow. When I run it
via the Management Studio it is sometimes fast 0.1 seconds and sometimes,
seemingly randomly slow 1.5 minutes
-
From: Brook Davies [mailto:cft...@logiforms.com]
Sent: Thursday, December 05, 2013 11:26 AM
To: cf-talk
Subject: Simple SQL Query sometimes really Slow?
This may not be the right place to post this (man, CF-TALK has changed a lot
in the last 5 or so years ;)).
I have a simple SQL query
ve found mixing
datatypes within an index usually doesnt gain much in query performance.
Since 2008, SQL Server has the default Lock Escalation setting as Table,
which means that the processing of large updates will lock to the table. You
can see the specifics of whats happening under
execution plan. You can give it hints on which
index to use at the table level using something like the following: SELECT
* FROM tablename WITH (INDEX({indexname})) WHERE . A good primer on
using index hints can be found here:
http://blog.sqlauthority.com/2009/02/08/sql-server-introduction
for analyzing the execution plan, check out SQL Sentry Plan Explorer. They
have a free version, and it's a much better tool for execution plan
analysis than Management Studio
On Thu, Dec 5, 2013 at 10:03 AM, Mark A Kruger mkru...@cfwebtools.comwrote:
Brooke,
Couple of points of inquiry
:
This may not be the right place to post this (man, CF-TALK has changed a
lot
in the last 5 or so years ;)).
I have a simple SQL query that is showing up as running slow. When I run it
via the Management Studio it is sometimes fast 0.1 seconds and sometimes,
seemingly randomly slow 1.5 minutes
, I'll try them!
Whohoo! Cftalk is alive!!
Brook
-Original Message-
From: Byron Mann [mailto:byronos...@gmail.com]
Sent: December-05-13 10:22 AM
To: cf-talk
Subject: Re: Simple SQL Query sometimes really Slow?
Could never figure this out, but we had a similar issue on 2005 with a date
services or reboot the server the neo-databasesource file loses
it's structure causing no access to the database unless I remove the connection
string and cut of SQL force encryption. Anyone with any insight on this type of
issue. Please advise
services or reboot
the server the neo-databasesource file loses it's structure causing no access
to the database unless I remove the
connection string and cut of SQL force encryption. Anyone with any insight on
this type of issue. Please advise?
It's not clear to me whether you're having
Hello all
How can I output sql aliases as headers in a table?
See attached.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http
in the same way that you would output any column name in a table.
You just output it.
thAlias Name/th
On Thu, Aug 29, 2013 at 1:29 PM, Monique Boea moniqueb...@gmail.com wrote:
Hello all
How can I output sql aliases as headers in a table?
See attached
but the sql column name is what I need to have as the table column name and
there are spaces in the aliases.
On Thu, Aug 29, 2013 at 10:46 AM, Russ Michaels r...@michaels.me.uk wrote:
in the same way that you would output any column name in a table.
You just output it.
thAlias Name/th
I still do not see what your problem is, it is just text in a table header,
it can be anything you like, including spaces
On Thu, Aug 29, 2013 at 4:01 PM, Monique Boea moniqueb...@gmail.com wrote:
but the sql column name is what I need to have as the table column name and
there are spaces
...@gmail.com
wrote:
but the sql column name is what I need to have as the table column name
and
there are spaces in the aliases.
On Thu, Aug 29, 2013 at 10:46 AM, Russ Michaels r...@michaels.me.uk
wrote:
in the same way that you would output any column name in a table.
You
Subject: Re: Outputting SQL aliases as table headers
They are dynamic with spaces.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http
r...@michaels.me.uk
wrote:
I still do not see what your problem is, it is just text in a table
header,
it can be anything you like, including spaces
On Thu, Aug 29, 2013 at 4:01 PM, Monique Boea moniqueb...@gmail.com
wrote:
but the sql column name is what I need to have
of the columns
returned from a cfquery.
Of course replace query_name with the name of your actual query.
-Original Message-
From: Monique Boea [mailto:moniqueb...@gmail.com]
Sent: Thursday, August 29, 2013 11:08 AM
To: cf-talk
Subject: Re: Outputting SQL aliases as table headers
of SQL programming experience and relational database design
⢠Experience with framework architectures
⢠5+ years HTML/CSS development; ideally 3+ years experience with CSS 2
standards
⢠Ideal candidate will have experience with C#, .NET, AJAX/JQuery, or
Team Foundation Server
On Fri, Apr 26, 2013 at 12:56 PM, Richard White wrote:
I am sure there must be a way to restructure this query to bring the time
down
I am afraid we can't really help because most of the information we need
for that is missing. Schema, cardinalities etc.
SELECT * FROM (
SELECT
Hi, I am sure there must be a way to restructure this query to bring the time
down but i cannot see it. Any pointers at all would be greatly appreciated.
Hi,
We have a problem with one of our MySQL statements and wondering if
you guys can help point us in the right direction.
Basically
You could start by replacing SELECT * with SELECT column1, column2,
column3, etc.
On 4/26/13 6:56 AM, Richard White rich...@re-base.net wrote:
Hi, I am sure there must be a way to restructure this query to bring the
time down but i cannot see it. Any pointers at all would be greatly
Thanks Paul.
It occurs to me that even If I put the data in correctly, I still have to
deal with it because I can't really output a utf-16 character to a web
page (or can I?).. I dunno maybe it just works.
time to play...
~|
to that). internally sql
server stores the data as UCS2, that's going to get transformed to UTF-8 (or
whatever you request).
just make sure the columns holding the unicode text data are N dataype
(nvarchar, etc.) you should be good to go
On Tue, Mar 26, 2013 at 11:10 PM, Paul Hastings p...@sustainablegis.comwrote:
SQL Server 2005 does not support UTF-8 apparently.
sure it does.
No, it doesn't. Not really.
http://msdn.microsoft.com/en-us/library/bb330962(v=sql.90).aspx
I'm loading this data from UTF-8 encoded files
you could try this work around.
http://stackoverflow.com/questions/5498033/how-to-write-utf-8-characters-using-bulk-insert-in-sql-server
On Thu, Apr 11, 2013 at 5:53 PM, Rick Root rick.r...@gmail.com wrote:
On Tue, Mar 26, 2013 at 11:10 PM, Paul Hastings p...@sustainablegis.com
wrote
/5498033/how-to-write-utf-8-characters-using-bulk-insert-in-sql-server
On Thu, Apr 11, 2013 at 5:53 PM, Rick Root rick.r...@gmail.com wrote:
On Tue, Mar 26, 2013 at 11:10 PM, Paul Hastings p...@sustainablegis.com
wrote:
SQL Server 2005 does not support UTF-8 apparently.
sure
On 4/11/2013 11:53 PM, Rick Root wrote:
No, it doesn't. Not really.
http://msdn.microsoft.com/en-us/library/bb330962(v=sql.90).aspx
actually that page and a decade of my experience says it does. UTF-8 will get
transformed (its designed for that) to UCS2 by the db driver. for all practical
Hi,
We have a problem with one of our MySQL statements and wondering if you guys
can help point us in the right direction.
Basically the following statement is taking 5 seconds to run. We have diagnosed
it is down to the join of two select statement. When the select statements are
run
I need to keep track the changes in my all updates/deleted in sql.
I was researching to find the solution and couldn't find anything useful.
other than CDC in sql 2008.
I don't want to handle this on application level .i.e. saving extra record
in my audit table etc, I want to do it on database
. After the
data is copied, then you could actually run the update/delete.
Steve
-Original Message-
From: Asim Manzur [mailto:bytel...@gmail.com]
Sent: Thursday, March 28, 2013 2:34 PM
To: cf-talk
Subject: CDC in sql 2008
I need to keep track the changes in my all updates/deleted in sql
need to keep track the changes in my all updates/deleted in sql.
I was researching to find the solution and couldn't find anything useful.
other than CDC in sql 2008.
I don't want to handle this on application level .i.e. saving extra record
in my audit table etc, I want to do it on database
it in notepad++
IF I open the document in Word, it asks me for a character encoding and I
say UTF 8, and it appears to show the em dash as a single character:
AMEX ADR (copy paste from word)
However, when the data is loaded into SQL Server, it goes in as three
characters. unicode 915-199-71
In fact
and I
say UTF 8, and it appears to show the em dash as a single character:
AMEX ADR (copy paste from word)
However, when the data is loaded into SQL Server, it goes in as three
characters. unicode 915-199-71
In fact, it looks like pretty much all of these special characters start
(not sure, not
familiar w/it). UTF-whatever are variable width encodings of unicode. UTF
encodes all of the million or so unicode code points as 1-4 bytes (8-bit). if
something bad happens those encodings can blow apart look like multiple
chars.
However, when the data is loaded into SQL Server
Hello all
I was told that the following sql is taking too long to run but the person
doing load testing:
SELECT @intCourseCompletions=(SELECT COUNT(intMemberStageID) as completions
FROM tblMemberStages WHERE bitCompleted=1)
It is a stored proc.
Any suggestions on how I can optimize
[mailto:moniqueb...@gmail.com]
Sent: Wednesday, February 20, 2013 11:07 AM
To: cf-talk
Subject: How would you optimize this SQL?
Hello all
I was told that the following sql is taking too long to run but the person
doing load testing:
SELECT @intCourseCompletions=(SELECT COUNT(intMemberStageID
: Torrent Girl [mailto:moniqueb...@gmail.com]
Sent: Wednesday, February 20, 2013 11:07 AM
To: cf-talk
Subject: How would you optimize this SQL?
Thank you.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe
to see which works best.
Steve
-Original Message-
From: Torrent Girl [mailto:moniqueb...@gmail.com]
Sent: Wednesday, February 20, 2013 11:07 AM
To: cf-talk
Subject: How would you optimize this SQL?
Thank you
You could also add schema prefixes to your tables and columns (or alias
them) as well as make the 1 a parameter.
That should help with execution plan caching.
Actually, caching the execution plan with a parameter here is probably
a bad idea - at least half the time!
When you have a bit
Will it even cache the plan without the 1 being a parameter?
In either case, I'd still advocate the use of schema prefixes/aliases.
On 2/20/13 1:15 PM, Dave Watts dwa...@figleaf.com wrote:
You could also add schema prefixes to your tables and columns (or alias
them) as well as make the 1 a
Will it even cache the plan without the 1 being a parameter?
Sure, by default. If you just run a query like SELECT * FROM
mytable, the database server will cache that execution plan.
Parameters usually let you more effectively reuse execution plans,
that's all. For example, if you had two
Subject: RE: Truncating pages SQL 2000
So, the data is fine in the db, but not displaying all of it? What does the
variable look like upon retrieval? Is there something odd in the data that
it's causing the truncation?
On 2013-02-18 10:39 AM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk
wrote
Hi all,
Is there anything that could cause truncation of data in an ntext field,
either by sql or coldfusion, or some other way?
I have a CMS app that has been running a site for a few years and the
content field of the CMS pages has become truncated. I need to determine
whether this was user
...@fasttrackonline.co.uk
wrote:
Hi all,
Is there anything that could cause truncation of data in an ntext field,
either by sql or coldfusion, or some other way?
I have a CMS app that has been running a site for a few years and the
content field of the CMS pages has become truncated. I need
Hi Rob,
Thanks for your reply. I'm getting rusty! I forgot to enable long text
retrieval on a new server.
Cheers,
Jenny
-Original Message-
From: Rob Parkhill [mailto:robert.parkh...@gmail.com]
Sent: 18 February 2013 13:49
To: cf-talk
Subject: Re: Truncating pages SQL 2000
Jenny
Actually, looking at it again. It's not the writing of the data, it's the
retrieval, so no actual truncation takes place?
-Original Message-
From: Jenny Gavin-Wear [mailto:jenn...@fasttrackonline.co.uk]
Sent: 18 February 2013 15:28
To: cf-talk
Subject: RE: Truncating pages SQL 2000
. It's not the writing of the data, it's the
retrieval, so no actual truncation takes place?
-Original Message-
From: Jenny Gavin-Wear [mailto:jenn...@fasttrackonline.co.uk]
Sent: 18 February 2013 15:28
To: cf-talk
Subject: RE: Truncating pages SQL 2000
Hi Rob,
Thanks for your reply
Yes indeed. We had some attempts to injection attack via a fake
useragent variable in the CGI scope, as we were logging visiting
useragents in a database table.
Luckily they were not able to execute any code thanks to tight SQL
permissions, but the code they were trying to execute was written
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the url or at a form input.
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
I saw some request errors but what were they trying to do?
This is what the onRequest error email showed
It was attempted via the URL
On Wed, Jan 23, 2013 at 11:57 AM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the url or at a form input.
Thanks
Rob
On 22 Jan 2013 at 11:12, Greg Morphis wrote:
On Wed, Jan 23, 2013 at 12:57 PM, Rob Voyle robvo...@voyle.com wrote:
Hi Greg
As I continue to update my security processes, I'm curious
Was this injection attempt at the url or at a form input.
Keep in mind that vulnerabilites can come from any input that the attacker
can manipulate, eg
Hello,
I've been doing pretty well w/ my site so far but the powers-that-be requested
a last minute addendum to the code and I'm not sure how to write it. I was
hoping you folks could be of assistance to this developer-in-training.
As it stands, a certain page (random.cfm) will pull info
I saw some request errors but what were they trying to do?
This is what the onRequest error email showed
declare @q varchar(8000) select @q =
0x57414954464F522044454C4159202730303A30303A313527 exec(@q)
~|
Order the Adobe
That's hex for, ?WAITFOR DELAY '00:00:15'
On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis gmorp...@gmail.com wrote:
0x57414954464F522044454C4159202730303A30303A313527
--
John Bliss - http://about.me/jbliss
~|
Order the
Ah so they were just checking to see if they could get something to work
before possibly trying anything real.
Thanks!
On Tue, Jan 22, 2013 at 11:15 AM, John M Bliss bliss.j...@gmail.com wrote:
That's hex for, ?WAITFOR DELAY '00:00:15'
On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis
Ah so they were just checking to see if they could get something to work
before possibly trying anything real.
That's a pretty standard approach. If they can get the response to
delay then they can mark that URL as a potential entry point to come
back and explore more later.
-Justin
If you add a name attribute to your submit button:
input type=submit name=submit value=Enter New Donor
then when the form is submitted, there will be a corresponding submit
key added to the form scope. Then, as others have suggested, wrap your
query in:
cfif StructKeyExists(form, submit)
) enter a donor's information into a webform, click
submit, and the data will subsequently be inserted into the SQL Server (2005)
table dbo.DONOR, which while it's under development, has only six fields: kcid
(auto-incrementing PK/UID for the database) and the other five which you see
latest issue w/ my burgeoning new website is the input.cfm page, where
an end-user may (in theory) enter a donor's information into a webform,
click submit, and the data will subsequently be inserted into the SQL
Server (2005) table dbo.DONOR, which while it's under development, has only
six
scrubbing before the cfquery to
prevent SQL injection.
- Dave
-Original Message-
From: listmas...@houseoffusion.com [mailto:listmas...@houseoffusion.com] On
Behalf Of B Griffith
Sent: Tuesday, January 15, 2013 12:34 PM
To: cf-talk
Subject: form-post to SQL-insert creates double-entry
Hello
-post to SQL-insert creates double-entry
Do you mean that all the code on one page (input.cfm)?
If so, this about it logically. The addDonor query is processed every time
the page is loaded- once where the user enters the data (blank data except
for the PK) and a second time (with the user entered
a donor's information into a webform,
click submit, and the data will subsequently be inserted into the SQL
Server (2005) table dbo.DONOR, which while it's under development, has only
six fields: kcid (auto-incrementing PK/UID for the database) and the other
five which you see in the code below
protect against sql injection
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7f6f.html
-Leigh
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp
Fellas,
Thank you very much! It worked like a charm. And I'm taking your suggestion
re: data scrubbing/validation, I have a CF8 book that will hopefully shed a
little light on that subject.
I only just noticed there is a ColdFusion Newbie forum here and that is
probably where my
may (in theory) enter a donor's information into a webform,
click submit, and the data will subsequently be inserted into the SQL
Server (2005) table dbo.DONOR, which while it's under development, has only
six fields: kcid (auto-incrementing PK/UID for the database) and the other
five which you
during your logic to action something on the page validate it in some
slight way.
EG.
cfparam name='form.value' default=
cfif len(form.value)
TAKE SOME ACTION
/cfif
On Tue, Jan 15, 2013 at 1:44 PM, Matt Quackenbush quackfu...@gmail.com wrote:
You are running the insert query each time
1 - 100 of 14006 matches
Mail list logo