tags:

views:

183

answers:

3
+1  Q: 

cfquery problem with complex update statements

Hello,

I am trying to fire Update Query using cfquery like below

   <cfquery name = "UpdateRecord"   
            dataSource = #DATASOURCE#   
            username = #DBUSER#   
            password = #DBPASSWORD# 
            result="updateResult" >  
        update table1 
set field1=( select field1 from table2 where field3='Some Value')
 where field4='someothervalue'
     </cfquery> 
    <cfdump var="#UpdateResult#">

But, when I execute this page, the page is not loading, in status bar I can see its loading for long time.

But If I use any simple Update Query like 

update table1 set field1='abc' where field4='someothervalue'

then it is working fine

Can any one has idea how can I execute the queries like above using cfquery?

Thanks

A: 

Are you sure your subselect statement is returning 1 row. It depends on what RDMS you are running, but I'm pretty sure not all databases support this feature. I'd try running the query directly on your database first to see if it runs correctly.

You might be able to force sql to return only 1 row by putting a limit 1 on the end of your query, or if your database doesn't support it wrapping field1 in an aggregate.

SELECT MAX(field1) FROM table2 WHERE field3 = 'Some Value'

Note: If your String values are parameters from the user, you should make sure to use cfqueryparam to protect against SQL injection.

mountainswhim  2009-12-23 03:25:07
Yes, I tried teh same stament on Directly DB, it worked fine there, but its not working if i use cfquery. and my select statement gives only one output. Can we use paranthesis '(',')' in cfquery?
CFUser  2009-12-23 03:45:36
Where are you using '(',')' in the query you posted? There is nothing wrong with using parenthesis. It is likely an issue with your single quotes. When you do not use cfqueryparam CF takes a few steps to help protect you from yourself ;) See my reply to @jarofclay.
Leigh  2009-12-23 17:11:28
+1  A: 

Did you try wrapping your update within PreserveSingleQuotes?

 <cfquery name = "UpdateRecord"   
        dataSource = #DATASOURCE#   
        username = #DBUSER#   
        password = #DBPASSWORD# 
        result="updateResult" >  
   #PreserveSingleQuotes(update table1 set field1=( select field1 from
   table2 where Field3='Some Value') where field4='someothervalue')#
 </cfquery>
kevink  2009-12-23 04:46:49
Yes.. It worked with PreserveSingleQuotes, thanks
CFUser  2009-12-23 05:22:09
I agree with jarofclay, now that it works the next step should be to convert it to use cfqueryparam
kevink  2009-12-23 12:55:02
+2  A: 

If you can try using cfqueryparam for your values and you won't have to use PreserveSingleQuotes. It also protects against SQL injection.

jarofclay  2009-12-23 05:43:09
+1 . CF automatically escapes quotes to mitigate sql injection risks. PreserveSingleQuotes() dismantles that protection and can expose databases to sql injection. Do not use PreserveSingleQuotes() unless it is really needed and you understand the risks. Plus, with cfqueryparam you get some performance benefits from bind variables.
Leigh  2009-12-23 17:01:41

related questions

Restarting ColdFusion mail queue
ColdFusion mail queue stops processing
in ColdFusion 8, can you declare a function as private using cfscript?
ColdFusion Template Request count optimization
How do I speed up data retrieval from .NET AD within ColdFusion
How to call a function dynamically that is part of an instantiated cfc, without using Evaluate()?
Using Google Maps in Coldfusion
We're manually mapping our internal data elements to external vendors' xml schema. there's gotta be a better way...
How do I turn a ColdFusion page into a PDF download?
Importing Access data into SQL Server using ColdFusion
jquery: JFrame plugin fails in IE 7
How do I programatically sanitise coldfusion cfquery parameters.
ColdFusion: Is it safe to leave out the variables keyword in a CFC?
How should you go about learning ASP.NET after life as a ColdFusion developer?
BOM not expected in CF but sent by IIS/SP
cfqueryparam with like operator in coldfusion
Is it possible to find code coverage in ColdFusion?
How can you test to see if two arrays are the same using CFML?
Why is my PDF footer text invisible?
Coldfusion - When to use the "request" scope?
How do I convert images between CMYK and RGB in ColdFusion (java)?
How do I use NTLM authentication with Active Directory
Dynamic Alphabetical Navigation
Wrapping lists into columns
How to get started "writing" a code coverage tool?