Questions tagged [cfqueryparam]

`<cfqueryparam>` is a ColdFusion tag that is used to parameterize values that are used in the `<cfquery>` tag.

Some of the benefits of using the `<cfqueryparam>` tag include:

  • All special characters are escaped
  • Protection against SQL injection attacks
  • While ColdFusion is not strongly typed, SQL is. The CFSQLTYPE attribute converts the ColdFusion variables to the proper SQL type
  • NULLs can be handled separately from blank strings
  • ColdFusion lists can be converted for use in SQL SELECT IN statements
  • SQL can make better use of query plans

For more details

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-p-q/cfqueryparam.html

For cfscript equivalent

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryexecute.html

Also see

65 questions
1
vote
3 answers

Trouble adding cfqueryparam tags

I'm trying to secure this code but every time I add cfqueryparam tags I get errors about parameter binding. I am certain I am setting the cfsqltype attribute to the right value. The last select statement is where all hell breaks loose.
Celeritas
0
votes
2 answers

The dot character got encoded when encoding a URL by ColdFusion

Hi, I'm using this piece of code to encode a URL by ColdFusion dataURL=, and it encodes the dot character as well and this results a different…
not 0x12
0
votes
3 answers

Error in my CFQUERYPARAM

I'm sure I'm just doing this horribly wrong with CFQUERYPARAM, but here's what I'm trying to do: SELECT * FROM UsrMatchActualTR2 WHERE session = #userSess# AND user_id = #userID# …
Anthony Tantillo
0
votes
1 answer

React - adding query param with pushState adds trailing slash before params (without react router)

I'm trying to manipulate my query params directly without any library (like react-router, because I don't need them now). The problem is when I try to add query params using this code: let url = new…
0
votes
0 answers

In ColdFusion queryExecute(), can I use a JSON structure with {} and : for the 2nd parameter 'params' of type struct of struct? What are the pros and cons?

I am struggling between two syntaxes of ColdFusion. Please help! QueryExecute(sql, params, options); Normal syntax: sqlEmployees = "SELECT * FROM Employees WHERE empid = :empid AND country =…
0
votes
1 answer

Update query not updating integer fields using CFQUERYPARAM

I have a simple update query, only one table involved. I first wrote this without using CFQUERYPARAM and kept getting errors when the integer fields (zip, plus 4, etc.) were null. So, I rewrote using CFQUERYPARAM so that the null values didn't produce…
D Wright
0
votes
2 answers

problem with ColdFusion cfqueryparam and a complicated query

I have a query where I am inserting ~300 records using one insert query. For each record, I have to do replaces and operations on the data. I just found out I have to use cfqueryparam now because one of the records is a CLOB and is reaching a…
cmzmuffin
0
votes
1 answer

ColdFusion Sanitize SQL

I'm trying to loop over tableList and run a query for each table getting the count from each. Not all of the code is included but the problem is the cfqueryparam. When I run this code right now the error says "INVALID TABLE NAME". Here is what I am…
Cole Perry
0
votes
2 answers

querying with nulls and lists

I have QueryExecute( SELECT * FROM dbo.pages WHERE ID IN ( :id ) ... , { id : { value = rc.id, cfsqltype : "cf_sql_integer, list : true } } Almost all the time this works. The thing is rc.id can be blank. If it is…
James A Mohler
0
votes
0 answers

How to check if query and function are executed successfully?

I have a function that takes a few arguments, then query delete will be executed. Right after that I call another function that will update the table with a time stamp and user id. The code that I use looks like this: remote function deleteComment(required…
espresso_coffee
0
votes
1 answer

ColdFusion to PHP: Can I make queries as easily?

I'm working for a large company that has a ton of ColdFusion web applications. They're requiring all these apps to transition to new platforms/languages. One of these applications is quite large and complex. Its target is PHP due to resource…
Chris
0
votes
3 answers

Check if argument exist in the structure, if not set to NULL?

I have a set of radio buttons that I would like to validate on the server side. First I created a structure that has the argument names for the key. Then each name is set to different values that the radio button can have. Here is an…
espresso_coffee
0
votes
1 answer

Tool to scan queries and add cfqueryparam where needed

I am looking for a tool that will go through my ColdFusion code files and add cfqueryparams where needed. I found many that will scan and show me where I need to make changes but I found one at…
Rodney D
0
votes
1 answer

shows "?" instead of number

here is my coldfusion code: SELECT MIN(legacy_sale_id) AS legacy_sale_id , cc_id , сс_name , sales_rep_name , original_sale_id …
acesta
0
votes
1 answer

ColdFusion - cfproc param : How do I call stored proc with db defined variable %TYPE?

I have a stored proc in Oracle. One of the input params is a defined type (see below). The error I get whenever I call the cfstoredproc is "expression is of wrong type ORA-06550". It's a formatted varchar, it's a table column. There's no CFPROCPARAM…
Alan