我可以queryparam使用ColdFusion在MySQL IN语句中使用的字符串吗? [英] Can I queryparam a string used in a MySQL IN statement using ColdFusion?
问题描述
我正在运行MySQL 5.0.88和Coldfusion8。
在表单中,我从表中获取了一些记录ID,并将它们发送到服务器。字符串将如下所示:
9900000002985,9900000003180,9900000003203,9900000003487,9900000003579
我将其传递到MySQL,最初是这样:
SELECT bk。*
FROM header AS bk
WHERE 1
AND bk.iln_kaeufer IN(#passed_in_string#)
我一直在尝试使用cfqueryparam,如下所示:
< cfqueryparam cfsqltype =cf_sql_longvarcharvalue =#passed_in_string#>
但这会导致ColdFusion中的错误。而如果我直接在MySQL中运行查询,它的工作原理。所以它必须是我的cfqueryparam声明。
我通过AJAX从远程位置传递此表单。因此,除了AJAX提交错误,我没有收到任何错误消息。
问题:
如何如果我不能使用cfqueryparam
?
谢谢!
解决方案您要使用
列表
和分隔符
cfqueryparam
的参数。SELECT bk。*
FROM header AS bk
WHERE 1
AND bk.iln_kaeufer IN(< cfqueryparam list =yesseparator =,cfsqltype =cf_sql_longvarcharvalue =#passed_in_string#>)
I'm running MySQL 5.0.88 and Coldfusion8.
In a form, I'm grabbing a number of record ids from a table and send them to the server. The string will look like so:
9900000002985,9900000003180,9900000003203,9900000003487,9900000003579
I'm then passing this into MySQL, initially like so:
SELECT bk.* FROM header AS bk WHERE 1 AND bk.iln_kaeufer IN ( #passed_in_string# )
I have been trying for a while to use cfqueryparam like so:
<cfqueryparam cfsqltype="cf_sql_longvarchar" value="#passed_in_string#">
But this causes an error in ColdFusion. Whereas if I run the query directly in MySQL, it works. So it must be something with my cfqueryparam declaration.
I'm passing this form through AJAX from a remote location. So I don't get any error messages except for an AJAX commit error.
Question:
How do I secure the above string if I can't usecfqueryparam
?Thanks!
解决方案You want to use the
list
andseparator
parameters ofcfqueryparam
.SELECT bk.* FROM header AS bk WHERE 1 AND bk.iln_kaeufer IN ( <cfqueryparam list="yes" separator="," cfsqltype="cf_sql_longvarchar" value="#passed_in_string#">)
这篇关于我可以queryparam使用ColdFusion在MySQL IN语句中使用的字符串吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!