tags:

views:

67

answers:

1
+4  Q: 

Is it possible to rebind sql paramters using the result from a cfquery?

When I run the following code:

<cfquery name="someQuery" result="queryResult" datasource="wetakepictures">
  SELECT id 
  FROM events
  WHERE category_id = <cfqueryparam value="1" cfsqltype="cf_sql_integer">
     OR title like <cfqueryparam value="%test%" cfsqltype="cf_sql_varchar">
</cfquery>

<cfoutput>
  #queryResult.sql# <br />
  #ArrayToList(queryResult.sqlparameters)#
</cfoutput>

It outputs:

SELECT id FROM events WHERE category_id = ? OR title like ?
1,%test%

I need the actual string "SELECT id FROM events WHERE category_id = 1 OR title like '%test%'".

Is there a way to rebind the parameters to the sql?

---- edit ----

The reason for doing this is to eliminate duplicate SQL when paginating results. I would like to do something like this: 

<cftransaction>
  <cfquery name='getCount' result='queryResult'>
     SELECT count(*)
     ... conditions that are guarded by <cfif> ...
  </cfquery>

  <cfquery name='getLimitedRecords'>
     #replace(queryResult.sql, 'count(*)', 'id')#
     LIMIT ... based on pagination ...
  </cfquery>
</cftransaction>

Note: I've looked at this question and decided to use two queries with MySQL.

+1  A: 

Two approaches, depending on what you are trying to do:

Ben Nadel:Merging ColdFusion SQL Debugging And Query Params With Javascript - useful if all you want is to copy and paste

A better debugging template - useful if you want to reverse engineer the code to reconstruct your query in code and do some logging, etc.

Antony  2010-05-03 04:06:55
Thanks for the links but they wont do the trick. It needs to be done server side so Nadel's approach is out. The better debugging template just uses string replace to rebind the parameters so the rebuilt query is susceptible to sql injection.
Lawrence Barsanti  2010-05-03 13:31:23
how is it susceptible - if you are doing this server side and persisting the query in the session scope it never goes near a user. anyway, i'm not sure your idea is a great appraoch to pagination and it feels like premature optimisation
Antony  2010-05-03 21:24:03

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP