tags:

views:

103

answers:

2
+2  Q: 

CFQuery where param

In my CF component, I tried to filter data from user input (getSearchString) and run the code, I having problem with WHERE function. Can suggestion what is the correct way?

<cffunction name="getParks" access="remote" returntype="struct">
<cfargument name="page" required="true" />
<cfargument name="pageSize" required="true" />
<cfargument name="gridsortcolumn" required="true" />
<cfargument name="gridsortdirection" required="true" />
<cfargument name="getSearchString" default="" />

<cfif arguments.gridsortcolumn eq "">
    <cfset arguments.gridsortcolumn = "parkName" />
    <cfset arguments.gridsortdirection = "asc" />
</cfif>

<cfquery name="parks" datasource="cfdocexamples">
    select      parkName, parkType, city, state
    from        parks
    where       <cfqueryPARAM value = "#getSearchString#" CFSQLType = "CF_SQL_VARCHAR">
    order by    #arguments.gridsortcolumn# #arguments.gridsortdirection#
</cfquery>

<cfreturn queryconvertforgrid(parks, page, pagesize) />

+4  A: 

It seems to be a simple sql bug. The field which you would like to compare with your searchstring is missing.

Should rather be:

<cfquery name="parks" datasource="cfdocexamples">
    select      parkName, parkType, city, state
    from        parks
    where       parkName = <cfqueryPARAM value = "#getSearchString#" CFSQLType = "CF_SQL_VARCHAR">
    order by    #arguments.gridsortcolumn# #arguments.gridsortdirection#
</cfquery>
Andreas Schuldhaus  2010-04-02 11:54:44
it work but CFGrid doesn't load any data when running the code.
proyb2  2010-04-02 12:03:56
sorry, it work with %..% around that param
proyb2  2010-04-02 12:06:46
A: 

acctually not around param but around getSearchString: WHERE parkName LIKE ... "%#getSearchString#%" ... But beware of performance issue with LIKE, also if you have large number of entries, dataGrid doesn't do real paging. Full blown solution depends on your database type.

zarko.susnjar  2010-04-02 14:16:01

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP