Cfqueryparam inside a cfif
I am in the process of adding <cfquerypram> tags to all
my URL & FORM query variables (to protect against recent SQL
injection attacks) and have come up against a few challenges. If
one of those form/URL variables are a condition within a
<cfif> statement, is it vulnerable to any attacks? Please see
code examples 1 & 2.
Also, how do I handle wrapping the following item in the
<cfqueryparam> tag: NumberFormat(Shipping,'99999.99')? Please
see code example 3 for my first attempt at it (which throws an
error).
Thanks!
pja5362 wrote:
> If one of those form/URL variables are a condition
within a <cfif> statement, is it vulnerable to any attacks?
> Please see code examples 1 & 2.
I cannot say it is invulnerable to _any_ attacks, but #2
seems like a reasonable approach. It does not use any of the user
supplied values directly in the sql. That and the fact that you
have set up a default "cfelse" case to handle any attempts to pass
invalid values. Though personally I prefer switch/case myself. But
that is just me.
> Please see code example 3 for my first attempt at it
(which throws an error).
> <cfqueryparam cfsqltype="CF_SQL_INTEGER"
value="#NumberFormat(Shipping,'99999.99')#"/>
If your value has decimal places, then CF_SQL_INTEGER is
probably the wrong data type.
> <cfif #form.condition2# IS "less"><<cfelseif
#form.condition2# IS "exactly">=<cfelse>></cfif>
BTW, you do not need the extra # signs.
> <cfif Evaluate("Hidden_#counter#") IS "on">
> -1
> <cfelseif Evaluate("Hidden_#counter#") IS "">
> 0
> </cfif>
As an aside
1) The default <cfelse> case is missing. So the query
would fail if the value was something other than "on" or "".
2) Evaluate is probably unnecessary. You can use array
notation to reference dynamic variable names:
#FORM["hidden_"& counter]#
Similar Messages
-
While cleaning up some sql injection problems, I found I had
to rewrite how the inserts were working.
I do not know in advance what fields need to be populated for
inserts so I mad a generic function
to make my inserts.
<cffunction name="insertIntoTable" access="private"
returntype="void">
<cfargument name="table" type="string" required="yes">
<cfargument name="datasource" type="string"
required="yes">
<cfargument name="keyValSet" type="struct"
required="yes">
<cfset var keyList = structKeyList(keyValSet)>
<cfset var curKey = "">
<cfset var curVal = "">
<cfset var comma = "">
<cfset var insertIntoTable = "">
<cfquery datasource="#datasource#"
name="insertIntoTable">
insert into #table# (#keyList#)
values (<cfloop list="#keyList#"
index="curKey">#comma#<cfset comma = ","><cfset curVal
= trim(keyValSet[curKey])><cfif len(curVal) eq
0><cfqueryparam null="yes"><cfelse><cfqueryparam
value="#curVal#"></cfif></cfloop>)
</cfquery>
<cfreturn>
</cffunction>
I know before this call is made that the table names and the
keylist is clean.
I found that I could not simply use a <cfqueryparam
list="yes" ...> as some of
the entries may be null.
My current problem is when someone enters Joe's Crab Shack
into a form field
the corresponding data record results in Joe''s Crab Shack.
I found a hotfix for CF MX 6.1 with something that sounded
similar, however
we are running CF 7.02 on redhat. The db server is an old MS
SQL Server (8.00).It appears that the two single quotes problem occurs only
when cfloop is used, which looks very similar to one of the
problems the hotfix for CF MX 6.1 had.
Has anyone else come across this problem? -
How to publish a flash banner without generating errors?
I need to upload a flash banner every time a condition is
verified. But I have troubles from the HTML code I use to call the
flash banner.
<CFIF #file# IS "fox">
<div><object
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"
width="468" height="60" vspace="0" hspace="0"><param
name=movie value="
http://www.site.com/banners/#address#"><param
name=quality value=high><embed src="
http://www.site.com/banners/#address#"
quality=high pluginspage="
http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"
type="application/x-shockwave-flash" width="468" height="60"
vspace="0" hspace="0"></embed></object></div>
</CFIF>
The error i receive is:
Just in time compilation error
Invalid parser construct found on line 30 at position 220
ColdFusion was looking at the following text:
=
Invalid expression format. The usual cause is an error in the
expression structure.
This error is generated by the HTML code inside the CFIF tags
because if I change the code between the conditional tags CFIF, it
works fine.
Exemple:
<CFIF #file# IS "fox">
<div>
Now it works correctly!
</div>
</CFIF>
Please could you suggest me how to resolve this trouble?
Than You,
rikros> codebase="
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#ve
> rsion=5,0,0,0"
# is a reserved CF symbol. If your template has a
non-CF-related # symbol
in it, you need to escape it (##).
http://www.adobe.com/go/tn_17016
Adam -
CFMAIL and adding CC if needed
I am currently looping over a list of email addresses and
sending out the
mail to all users. I'd like to instead check to see if a
variable is set,
and add the cc="" in the cfmail tag instead.
When I try this it fails, I simply did a <cfif MailCC neq
"">cc="[email protected]"</cfif> in the cfmail tag, but
it doesn't seem to like
this.
Has anyone done anything similar?
Or how can I get this to work?
Thanks!i have not tried it, but i know several ways to make it work:
1) put your whole CFMAIL tag inside a cfif block checking for
MailCC var
. you will have 2 complete cfmail tags - one executed when
MailCC var
exists (this one will have the cc=".." attribute in it),
another
(without cc) executed when MailCC var is empty:
<cfif len(trim(MAilCC))>
<cfmail cc="..." ...>
</cfmail>
<cfelse>
<cfmail ...><!--- no cc attrib in this one --->
</cfmail>
</cfif>
2) use attributeCollection attribute of cfmail tag. assumes
you are on
cf8. (or is it only update 1 that allows using
attributeCollection
together with in-tag attributes? if so, you have to be on
cf8.0.1).
something like:
<cfscript>
mailAttr = {};
mailAttr.server = "mail.somedomain.com";
mailAttr.username = "...";
mailAttr.password = "...";
mailAttr.from = "[email protected]";
mailAttr.subject = "mail subject here";
if (len(trim(MailCC)) gt 0)
mailAttr.cc = "[email protected]";
</cfscript>
<cfmail to="..." attributeCollection="#mailAttr#">
</cfmail>
hth
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/ -
I'm writing a program as an add-on to our helpdesk where only
certain IP ranges need to be able to see a link to get to this area
that is being made. It's a laptop checkout system, and only people
in the main two buildings need to be able to see it, as they're the
only ones who can check them out.
I've been trying the cgi.remote_addr command inside a cfif
statement to try and accomplish this, but I just can't seem to get
it to work. This is essentially what it looks like right now
iprange1 is the ip range for the first building, and iprange2
is for the second, they aren't variables but are typed as 1.1.1.*
with the correct numbers.
If anyone can shed some light on this I would be very
appreciative, Thank you.try:
http://cflib.org/udf/isIPInRange -
I have a search page that has 3 possible entries. Service,
City, & Keywords.
Service and City are list/menus and cannot be null, but
Keywords is a text
box and can be null.
I need to write a SQL statement to take the 3 possible
parameters and test
them against the database. Since the first 2 are never null,
I can write
them right inside the SQL string, but how can I only check
for the keywords
if there is something inside the box?
Can I use a <cfif> statement inside the sql string to
only check the 3rd
parameter if it is not NULL?
I wrote this:
Select company, name, phone, city, state, username FROM
members WHERE
city = Form.City AND state = Form.state AND keywords LIKE
Form.keywords
ORDER BY company ASC
Also, since I am passing it from a search page to a results
page, would it
be URL.City verses FORM.City, etc.
Also would like to do this in a component and pass the 3
variables as
arguments with the city and service being required and the
keywords not.
However, I have no idea on what the procedure is for this.
I wrote:
<cfcomponent>
<cffunction name="ServiceSearch" access="remote"
returntype="query">
<cfargument name="service" type="numeric"
required="true">
<cfargument name="city" type="numeric"
required="true">
<cfargument name="keywords" type="string"
required="false">
Select company, name, phone, city, state, username FROM
members WHERE
city = Form.City AND state = Form.state AND keywords LIKE
Form.keywords
ORDER BY company ASC
<cfreturn ServiceResults>
</cffunction>
</cfcomponent>
Do I invoke the component from the results page?
Well, I need to solve the first issue before I attempt the
second. Thanks!
Wally Kolcz
Developer / Support
ProjectProofing.comYes you can put <cfif ...> statements inside a
<cfquery...> tag to
modify the SQL string.
WHERE this = that AND
<cfif len(trim(form.something))>
AnotherThing = '#form.something#'
</cfif>
Is valid.
Whether the form variables on the action page are URL or FORM
depends on
the method of your <form ...> tag. method="post"
creates form variables
on the action page, method="get" creates URL variables on the
action page.
You write <cfargument ...> tags for each argument you
want to pass into
a function.
<cfargument name="city" required="true" ...>
OR
<cfargument name="foobar" required="false" default=""
...>
You then use these in the function with the arguments scope.
#arguments.city# and #arguments.foobar#
You then pass these into the function from your calling page.
There are
numerous ways this can be done, here are a few.
<cfinvoke .... city="Sacramento" foobar="george"/>
<finvoke ... >
<cfinvokeArgument name="city" value="Sacramento">
<cfinvokeArgument name="foobar" value="george">
</cfinvoke>
<cfset myComponent =
createObject("component","my.component.path.andName)>
...myComponent.aFunction("Sacramento","george")...
...myComponent.aFunction(city:"Sacrament",foobar:"george")...o
Wally Kolcz wrote:
> I have a search page that has 3 possible entries.
Service, City, & Keywords.
>
> Service and City are list/menus and cannot be null, but
Keywords is a text
> box and can be null.
>
> I need to write a SQL statement to take the 3 possible
parameters and test
> them against the database. Since the first 2 are never
null, I can write
> them right inside the SQL string, but how can I only
check for the keywords
> if there is something inside the box?
>
> Can I use a <cfif> statement inside the sql string
to only check the 3rd
> parameter if it is not NULL?
>
> I wrote this:
>
> Select company, name, phone, city, state, username FROM
members WHERE
> city = Form.City AND state = Form.state AND keywords
LIKE Form.keywords
> ORDER BY company ASC
>
> Also, since I am passing it from a search page to a
results page, would it
> be URL.City verses FORM.City, etc.
>
> Also would like to do this in a component and pass the 3
variables as
> arguments with the city and service being required and
the keywords not.
> However, I have no idea on what the procedure is for
this.
>
> I wrote:
> <cfcomponent>
> <cffunction name="ServiceSearch" access="remote"
returntype="query">
> <cfargument name="service" type="numeric"
required="true">
> <cfargument name="city" type="numeric"
required="true">
> <cfargument name="keywords" type="string"
required="false">
> Select company, name, phone, city, state, username FROM
members WHERE
> city = Form.City AND state = Form.state AND keywords
LIKE Form.keywords
> ORDER BY company ASC
> <cfreturn ServiceResults>
> </cffunction>
> </cfcomponent>
>
> Do I invoke the component from the results page?
>
> Well, I need to solve the first issue before I attempt
the second. Thanks!
> -
Cfif inside cftextarea not possible?
Hi,
I try to make a cftextarea-field required = yes , if another
formfield is set to 'Y'.
I use a <cfif>statement inside the cftextarea.
<cftextarea name="name"
style="width:530;background-color:yellow"
<cfif query.fieldname eq
'Y'>required="Yes"></cftextarea>
I get the error message:
Invalid token 'c' found
When I use <textarea> instead of <cftextarea>
there is no error, but then the required="Yes" attribute doesn't
work.
Please give me a hint what's wrong!
Thanks
ClaudiaHi Dan,
I try your hint by using a hidden cfinput-field in
combination with a javascript function. It looks like this:
The textarea-field should be required, if the radio is set to
"Y".
<SCRIPT LANGUAGE="JavaScript">
function functionname(p_radio)
if (p_radio[0].checked == true)
document.form1.req_value.value = "Yes";
else if (p_radio[1].checked == true)
document.form1.req_value.value = "No";
</SCRIPT>
<cfform name="form1" method="post">
<cfparam name="form.req_value" default="">
<cfinput name="req_value" type="hidden">
<cfinput type="radio" name="radiobutton"
value="Y"onClick="javascript:functionname('document.form1.radiobutton');">
Yes
<cfinput type="radio" name="radiobutton" value="N"
onClick="javascript:functionname('document.form1.radiobutton');">
No
<cfttextarea name="textareafieldname" rows="4"
required="#form.req_value#" message="...">
The value of the hidden field "req_value" changes when I
press the radios, but it has no effect on the "required"attribute
of the cftextarea-field.
Do have an idea?
Other question: Is it possible to set the required attribute
inside the javascript function?
For example like:
document.forms1.textareafieldname.required = true;
Thanks -
Using conditional statements stored inside a variable
I'm trying to store the body of different emails inside of my
database to use in email sent with cfmail. The content of the
emails has conditional statements using cfif and other variables
based on a query running. If I set the content as a variable and
then place that inside of the cfmail tag it does not process the
cold fusion code. Is there a way that I can process this code so
that the final output is what is placed within the cfmail tag or is
it not possible to do what I'm trying to accomplish? Thanks in
advance for any ideas.Here is a sample taken from the text file. The output created
by the cfsavecontent tag is identical to the text file.
Dear <cfif IsDefined(GetData.strFirstName) AND
GetData.strFirstName IS NOT
"">#GetData.strFirstName#<cfelse>Member</cfif>,
Thank you for joining xxxxxxxxx. We're glad to
have you as a member and appreciate your support. Your
membership
application has been processed and your member packet will
arrive soon.
Your new membership number is #GetData.strCustomerID#. This
number is useful
when buying product from our online store, renewing your
membership or
contacting us with questions or comments.
<cfif GetData.ExpirationDate IS "9999-12-1">We are
especially grateful for your commitment to xxxxxxxx
through your Life Membership.<cfelse>Your membership is
current through #DateFormat(GetData.ExpirationDate, "MMMM
YYYY")#.</cfif> -
Error in cfqueryparam, when getting date field from cfpop
Hi all,
i'm taking data from cfpop to store them in the database.
There are problems with date data:
INSERT .....
POST_DATE = <cfqueryparam value="#date#"
cfsqltype="cf_sql_timestamp">
But it fails in some situations, for instance:
The cause of this output exception was that:
coldfusion.runtime.locale.CFLocaleBase$InvalidDateTimeException:
"19 Sep 2006 00:51:33 +0200" is an invalid date or time string
Ok, I'm using English locale and tried to use
ParseDateTime(date, 'pop'). But it doesn't work either (!):
"19 Sep 2006 00:51:33 +0200" is not a valid date format. But
'pop' supposes, that this is format with time zone offset!!
P.S. The problem was that some email messages had incorrect
date format: one didn't have a day of week, another one - even day
of month!!!
To make life simpler, i've just added a regexp check:
<cfif
ReFindNoCase("[A-z]{3}\,\s[0-9]{2}\s[A-z]{3}\s[0-9]{2,4}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\s(?: \+|\-)?[0-9]{4}",
date, 0)>
<cfset dateField = date>
<cfelse>
<cfset dateField = now()>
</cfif>
I'm not going to parse every possible date format
error.I don't believe there's anyway to have Access ignore it on an import. What you can try instead is link to the file (instead of importing it) and write a query that updates the table based on the linked table, with an appropriate edit on the date/time field.
Doug Steele, Microsoft Access MVP
http://www.AccessMVP.com/djsteele (no e-mails, please!)
Co-author
Access Solutions — Tips, Tricks, and Secrets from Microsoft Access MVPs (ISBN 978-0-470-59168-0) -
How to check for the variable passed to a function inside a component
I'm trying to pass a variable to a function inside of a
component in a conditional statement.
How to check the existance of this variable inside the
function so that I can use the right <CFarguments>:
in aForm.cfm I have:
<cfinvoke component="#application.cfcroot#.business.Order"
method="selOrderItems"
returnvariable="q_OrderItems"
OrderItemAbbreviation="Min"></cfinvoke>
<cfset MCompIDs = ValueList(q_OrderItems.OrderItemID)>
<cfif listFind(MCompIDs,attributes.CompID)>
<cfset isM = true>
<cfelse>
<cfset isM = false>
</cfif>
<cfinvoke component="#application.cfcroot#.business.Order"
method="selOrderItems"
returnvariable="q_OrderItems"
OrderItemAbbreviation="SMEnroll"></cfinvoke>
<cfset SM_CompIDs =
ValueList(q_OrderItems.OrderItemID)>
<cfif listFind(SM_CompIDs,attributes.CompID)>
<cfset isSM = true>
<cfelse>
<cfset isSM = false>
</cfif>
<CFIF isSM>
<cfset temppath = frmcreator.buildFrm(isSMFlag=isSM)>
<CFELSE>
<cfset temppath = frmcreator.buildFrm(isMFlag=isM)>
</CFIF>
On aFormComp.cfc where the function is,
I checked the existance of isSMFlag this way and I got error
saying that :
Context validation error for tag CFARGUMENT.; The tag must be
nested inside a CFFUNCTION tag.
How can I properly check the existance of isSMFlag inside the
function so I can use the right cfarguments?
<CFFUNCTION NAME="buildFrm" access="public"
returntype="String" output="No">
<cfif StructKeyExists(arguments, "isSMFlag")>
<CFARGUMENT NAME="isSMFlag" REQUIRED="YES"
TYPE="NUMERIC">
<cfelse>
<CFARGUMENT NAME="isMFlag" REQUIRED="YES"
TYPE="NUMERIC">
</cfif>
........ etc
</CFFUNCTION><CFFUNCTION NAME="buildFrm" access="public"
returntype="String"
output="No">
<cfif StructKeyExists(arguments, "isSMFlag")>
<CFARGUMENT NAME="isSMFlag" REQUIRED="YES"
TYPE="NUMERIC">
<cfelse>
<CFARGUMENT NAME="isMFlag" REQUIRED="YES"
TYPE="NUMERIC">
</cfif>
........ etc
</CFFUNCTION>
NOT this way, that is for sure.
The <cfargument ...> tag is for defining the arguments
a function
accepts either optional or not, but they are not required.
Give this a
try to see the differences.
test.cfc
<cfcomponent>
<cffunction name="a">
<cfdump var="#arguments#">
</cffunction>
<cffunction name="b">
<cfargument name="foo">
<cfargument name="bar">
<cfdump var="#arguments#>
</cffunction>
</cfcomponent>
test.cfm
<cfset something = createObject("component","test")>
<cfoutput>
#something.a("blue","green")#
#something.b("blue","green")#
</cfoutput>
Not tested or debugged so watch out for typos. -
CFC Best Practise : Using cfif statements in Where Clause
Hi there
Wondering if anyone can advise on the best route to take for handlings cfcs...
I have a function set up as so
<!--- GRAB SONG INFORMATION --->
<cffunction name="getSong" access="remote" output="false" returntype="query" hint="return song information, filtered by user id">
<!---Optional Artist Name Argument--->
<cfargument name="nameArt" type="string" required="false" hint="artist we want to grab song for">
<!---Filter by user ID--->
<cfargument name="idUsr" type="any" required="false" hint="if provided, filter by user id">
<!---Optional Filter by user name--->
<cfargument name="nameUsr" required="false" type="string" hint="if supplied, filter by user name">
<!---Optional song id argument--->
<cfargument name="idSng" required="false" type="numeric" hint="if supplied, grab information for song with this id">
<!--- grab song from database --->
<cfquery name="song" datasource="#APPLICATION.mx#">
// SELECT WHICHEVER FIELDS NECESARRY
SELECT.....
<!---If user id is supplied--->
<cfif isDefined('ARGUMENTS.idUsr')>
<!---Filter results by user id--->
WHERE s.userId = <cfqueryparam value = '#ARGUMENTS.IdUsr#' cfsqltype='CF_SQL_INTEGER'>
</cfif>
<!---If user name is supplied--->
<cfif isDefined('ARGUMENTS.nameUsr')>
<!---Filter results by user id--->
WHERE s.userId = (SELECT iUserID
FROM users
WHERE name = <cfqueryparam value = '#ARGUMENTS.nameUsr#' cfsqltype='CF_SQL_VARCHAR' maxLength="12">)
</cfif>
<cfif isDefined('ARGUMENTS.idSng')>
WHERE s.iSongID = <cfqueryparam value = '#ARGUMENTS.idSng#' cfsqltype='CF_SQL_INTEGER'>
</cfif>
ORDER BY s.iSongID DESC
</cfquery>
<!---Return query output--->
<cfreturn song>
</cffunction>
Now im wondering, is it best to have multiple cfifs in the same function, filtering data dependant on what arguments are supplied, or is it best to seperate the function into seperate functions with different filters, without the cfifs?
Many thanksAlso keep in mind that some of your logic can be done on the database side instead of the CF side:
SELECT myFieldA, myFieldB
FROM myTable
WHERE myFieldA = CASE WHEN isNULL(@MyDBVar,'') = '' THEN myFieldA ELSE @MyDBVar END
Will filter your results matching the field myFieldA against the value of the variable @MyDBVar (if it is passed in). You can also use conditional logic to make larger changes to your database query depending on the DB you are using. -
I am new to coldfusion and need to create an automated email that will send emails depending on what the company name is. I can get the cfif / cfelse statement to work properly. When I try to get the cfif / cfelseif / cfelse the cfelseif appears to not be evaluated. Here is a segment of code.
<cfquery name="get_ticket_info" datasource="#application.datasource#"username="#application.datasource_username#" password="#application.datasource_password#">
SELECT * FROM
tbl_Tickets
WHERE ID_NO = <cfqueryparam cfsqltype="cf_sql_smallint" value="#id#">;
</cfquery>
<cfif get_ticket_info.customer_name is "Company A"><cfset tolist="[email protected]">
<cfelseif get_ticket_info.customer_name is "Company B"><cfset tolist="[email protected]">
<cfelse><cfset tolist="[email protected]">
</cfif>I troubleshoot if/else logic by looking at the data. For your example, it would be something like this:
<cfdump var="#get_ticket_info#" metainfo = "no">
<cfif get_ticket_info.customer_name is "Company A"><cfset tolist="[email protected]">
<br> is company a
<cfelseif get_ticket_info.customer_name is "Company B"><cfset tolist="[email protected]">
<br> is company b
<cfelse>
<cfset tolist="[email protected]">
<br> is neither company a nor b.
<br><cfdump var = "_#get_ticket_info.customer_name#_">
</cfif>
<cfabort> -
cflayout , cfform , cfif - not working right
Greetings,
CF Ver: 8,0,1,195765
<cfajaximport tags="cflayout-tab,cfform,cftooltip">
DW CS5
<cflayoutarea source="resource_upload.cfm"
Form elements are:
-- res_type = radio
-- res_yy = text
-- res_title = text
-- res_doc = file
I have a form embedded in a tab of a <cflayout>. The form works fine
external to the <cflayout>. When I say it works fine, I mean that
when the form fields are evaluated for emptiness with <cfif>(s) all
processes as expected.
However, when I embed the form inside the <cflayout> the <cffile>
form field no longer evaluates properly for emptiness. Whether the
field is empty or not, it always processes as if there is content in it.
I have even tried setting a variable using <cfparam> and still cannot
get it to evaluate as it does outside the <cflayout>. I have also used
the len and trim functions as well performing the evaluations.
Is there something I am missing to make the form function inside the
<cflayout> as it does outside of it?
Thanks in advance.
Leonard BHey Adam,
Below is the code that I am working with.
================================
<!--- The cflayout --->
<div align="center">
<div style="clear: both; padding: 25px 0px 0px 0px; width: 600px" align="left">
<div style="border: 5px solid #900">
<cflayout type="tab" align="left" name="resource_management" tabposition="top" style="margin-top: -3px">
<cflayoutarea name="resource_upload" overflow="auto" style="background-color: ##FC0; height: 400px;" title="Resource Upload">
<div style="clear: both; padding: 10px 10px 10px 10px">
<cfform action="insert_resource_upload_processing.cfm" target="resource_upload" method="post" enctype="multipart/form-data" name="form_01" id="form_01" class="formBody" lang="en" dir="ltr" xml:lang="en">
<div style="clear: both; float: left; padding: 0px 10px 0px 0px">
<label for="resource_yy" class="formLabel"> YEAR</label><br />
<cfinput type="text" name="resource_yy" class="formInput" id="resource_yy" style="text-align: center; width: 50px;" dir="ltr" lang="en" typeahead="no" showautosuggestloadingicon="true">
</div>
<div style="float: left">
<label for="resource_grp" class="formLabel"> RESOURCE GROUP</label><br />
<cfselect enabled="No" name="resource_grp" size="1" class="formSelect" id="resource_grp" dir="ltr" lang="en" multiple="no">
<option value="None" selected="selected">- Select Group -</option>
<option value="Tests">Tests / Answer Keys</option>
<option value="Digests">Digests</option>
<option value="PowerPoints">PowerPoints</option>
<option value="Other Documents">Other Documents</option>
</cfselect>
</div>
<div style="clear: both; padding: 10px 0px 0px 0px">
<label for="resource_title" class="formLabel"> RESOURCE TITLE</label><br />
<cfinput type="text" name="resource_title" class="formInput" id="resource_title" style="width: 565px;" dir="ltr" lang="en" typeahead="no" showautosuggestloadingicon="true">
</div>
<div style="clear: both; padding: 10px 0px 0px 0px">
<label for="resource_pwrpnt" class="formLabel"> RESOURCE POWERPOINT</label><br />
<cfinput type="file" name="resource_pwrpnt" class="formFile" id="resource_pwrpnt" dir="ltr" lang="en" size="78" xml:lang="en">
</div>
<div style="clear: both; padding: 10px 0px 0px 0px">
<div style="float: left; padding: 0px 10px 0px 0px">
<cfinput type="submit" name="btn_post" class="buttonSubmit" id="btn_post" style="letter-spacing: 1px; width: 125px;" dir="ltr" lang="en" value="POST RESOURCE"></div>
<div style="float: left">
<cfinput type="reset" name="btn_clear" class="buttonReset" id="btn_clear" style="letter-spacing: 1px; width: 125px;" dir="ltr" lang="en" value="CLEAR FIELDS"></div>
</div>
</cfform>
</div>
</cflayoutarea>
<cflayoutarea name="resource_delete" overflow="auto" style="background-color: ##CC9; height: 400px;" title="Resource Delete">
<p>Content tab 2 here</p>
</cflayoutarea>
</cflayout>
</div>
</div>
</div>
<!--- The action page --->
<cfparam name="form.resource_pwrpnt" default="None">
<p>
<cfif isdefined('form.resource_yy') and trim(form.resource_yy) eq "">
Year Resource year not provided<br />
<cfelse>
Year <cfoutput>#form.resource_yy#</cfoutput>
</cfif></p>
<p>
<cfif isdefined('form.resource_grp') and trim(form.resource_grp) eq "None">
Group: Resource group not provided<br />
<cfelse>
Group: <cfoutput>#form.resource_grp#</cfoutput>
</cfif></p>
<p>
<cfif isdefined('form.resource_title') and trim(form.resource_title) eq "">
Title Rescource title not provided
<cfelse>
Title <cfoutput>#form.resource_title#</cfoutput>
</cfif></p>
<p>
<cfif isdefined('form.resource_pwrpnt') and trim(form.resource_pwrpnt) eq "">
PwrPnt Resource powerpoint not provided
<cfelse>
PwrPnt <cfoutput>#form.resource_pwrpnt#</cfoutput>
</cfif></p>
<div style="clear: both; padding: 5px 0px 0px 0px">
<cfform action="insert_resource_upload_form.cfm" method="post" enctype="multipart/form-data" name="form_01" id="form_01" class="formBody" lang="en" dir="ltr">
<cfinput type="submit" name="btn_prev_01" class="buttonGoback" id="btn_prev_01" style="letter-spacing: 1px; width: 135px;" dir="ltr" lang="en" value="PREVIOUS SCREEN" xml:lang="en">
</cfform>
</div> -
Viewing flash nested in CFIF with active content work around
thanks to the IE update, some of us including myself are
still trying to catch up on this topic and the revisions required
to make our sites work with flash without the "clicko to activate".
I find the info out there for this issue with CFM
sparse...but I have an issue: I used the dreamweaver 8 auto
correction (adds the javascript + creates the files) on my CFM
pages and it worked fine until the part where the flash embedding
code was nested inside of a <CFIF> statement....and nothing
appears.
any ideas? I am so-so with code, but not really a programmer
so I really need help from more advanced developers on this one.
MANY MANY thanks to anyone who knows the issue/solution for this
one.
<CFIF Session.MID is 3>
<script type="text/javascript">
AC_FL_RunContent( 'codebase','
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0','widt h','280','height','551','id','palette','align','','src','palette','quality','high','bgcolo r','#FFFFFF','name','palette','pluginspage','http://www.macromedia.com/go/getflashplayer', 'movie','palette'
); //end AC code
</script><noscript><OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="280" HEIGHT="551" id="palette" ALIGN="">
<PARAM NAME=movie VALUE="palette.swf"> <PARAM
NAME=quality VALUE=high> <PARAM NAME=bgcolor
VALUE=#FFFFFF> <EMBED src="palette.swf" quality=high
bgcolor=#FFFFFF WIDTH="280" HEIGHT="551" NAME="palette" ALIGN=""
TYPE="application/x-shockwave-flash" PLUGINSPAGE="
http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT></noscript>
</CFIF>thanks to the IE update, some of us including myself are
still trying to catch up on this topic and the revisions required
to make our sites work with flash without the "clicko to activate".
I find the info out there for this issue with CFM
sparse...but I have an issue: I used the dreamweaver 8 auto
correction (adds the javascript + creates the files) on my CFM
pages and it worked fine until the part where the flash embedding
code was nested inside of a <CFIF> statement....and nothing
appears.
any ideas? I am so-so with code, but not really a programmer
so I really need help from more advanced developers on this one.
MANY MANY thanks to anyone who knows the issue/solution for this
one.
<CFIF Session.MID is 3>
<script type="text/javascript">
AC_FL_RunContent( 'codebase','
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0','widt h','280','height','551','id','palette','align','','src','palette','quality','high','bgcolo r','#FFFFFF','name','palette','pluginspage','http://www.macromedia.com/go/getflashplayer', 'movie','palette'
); //end AC code
</script><noscript><OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="280" HEIGHT="551" id="palette" ALIGN="">
<PARAM NAME=movie VALUE="palette.swf"> <PARAM
NAME=quality VALUE=high> <PARAM NAME=bgcolor
VALUE=#FFFFFF> <EMBED src="palette.swf" quality=high
bgcolor=#FFFFFF WIDTH="280" HEIGHT="551" NAME="palette" ALIGN=""
TYPE="application/x-shockwave-flash" PLUGINSPAGE="
http://www.macromedia.com/go/getflashplayer"></EMBED>
</OBJECT></noscript>
</CFIF> -
Frustrating syntax error:cfqueryparam
I must be brain dead. I have been looking at this code for about 45 minutes trying to figure out where the syntax error is. I think it is in one of the "," but I have rearranged them so many times I am going bonkers. Can someone find where my error is.
<cfquery name="addRegistration" datasource="RBDS">
INSERT INTO
tournamentReg
(tDate
,tName
,regDateTime
,regNumber
,regFName
,regLName
,streetAddr
,cityStateZip
,regPhone
,regEmail
,lastBook
,usbcCard
,regNotify
,regReturn
,regMembership
,regLeague
<cfif tName EQ #URL.tName# AND 'doubles' IS 'yes'>
BowlerTwoName, BowlerTwoBook
</cfif>
<cfif tName EQ #URL.tname# AND 'threePerTeam' is 'yes'>
BowlerTwoName, BowlerTwoBook,
BowlerThreeName, BowlerThreeBook
</cfif>
<cfif tName EQ #URL.tname# AND 'fourPerTeam' IS 'yes'>
BowlerTwoName, BowlerTwoBook,
BowlerThreeName, BowlerThreeBook,
BowlerFourName, BowlerFourBook
</cfif>
<cfif tName EQ #URL.tname# AND 'fivePerTeam' IS 'yes'>
BowlerTwoName, BowlerTwoBook,
BowlerThreeName, BowlerThreeBook,
BowlerFourName, BowlerFourBook,
BowlerFiveName, BowlerFiveBook
</cfif>)
VALUES
VALUES
<cfif tName EQ #URL.tname# AND 'doubles' IS 'yes'>
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoBook#">
</cfif>
<cfif tName EQ #URL.tname# AND 'threePerTeam' is 'yes'>
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeBook#">
</cfif>
<cfif tName EQ #URL.tname# AND 'fourPerTeam' IS 'yes'>
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFourName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFourBook#">
</cfif>
<cfif tName EQ #URL.tname# AND 'fivePerTeam' IS 'yes'>
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerTwoBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerThreeBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFourName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFourBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFiveName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.BowlerFiveBook#">
</cfif>
,<cfqueryparam cfsqltype="CF_SQL_DATE" value="#URL.tdate#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.tname#">
,<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.regDateTime#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.regNumber#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regFName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.streetAddr#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.cityStateZip#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regPhone#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regEmail#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.lastBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.usbcCard#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regNotify#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regReturn#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regMembership#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLeague#">
</cfquery>
Error Dump states the error is on line 151 (above). Until I added the <cfif>'s it worked fine. BTW- the <cfif>'s work find until it processes the VALUE.
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO statement.
The error occurred in C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 151
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 29
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 28
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 1
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 151
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 29
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 28
Called from C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 1
149 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regReturn#">,
150 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regMembership#">,
151 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLeague#">
152 :
153 : )Hey Dan. Thanks for the tips yesterday. I went back to the version of the code when it worked. The working code is at the top. The non-working code is at the bottom. It starts not working when I include the CFIF's. I am not sure I understand your other suggestion. But maybe if you take a look at the difference between the working code and the other you can see what I don't.
Working CODE:
<cfquery name="addRegistration" datasource="RBDS">
INSERT INTO
tournamentReg
(tDate
,tName
,regDateTime
,regNumber
,regFName
,regLName
,streetAddr
,cityStateZip
,regPhone
,regEmail
,lastBook
,usbcCard
,regNotify
,regReturn
VALUES
<cfqueryparam cfsqltype="CF_SQL_DATE" value="#URL.tdate#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.tname#">
,<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.regDateTime#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.regNumber#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regFName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLName#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.streetAddr#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.cityStateZip#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regPhone#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regEmail#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.lastBook#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.usbcCard#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regNotify#">
,<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regReturn#">
</cfquery>
PRODUCES THIS:
CONGRATULATIONS YOU ARE NOW REGISTERED FOR THE
SUPER NO-TAP
WHO TO CONTACT: Rick Rossiter - TELEPHONE: 775-813-5492
The table below contains all of the information you entered for the Super No-Tap tournament.
All the information you entered to register for this tournament is displayed bwlow. Reno Bowls wishes you the best of luck in this tournament. If there is any information below that is incorrect, please inform us as soon as possible by calling Reno Bowls or sending us an email to: [email protected]. Please make certain to include your registration number (8701967) when making any inquiries.
YOUR REGISTRATION NUMBER
8701967
TIME AND DATE YOU REGISTERED
02/17/10 - 1:02:09 PM
DATE OF TOURNAMENT
2009-12-13 00:00:00.0
WHERE THE TOURNAMENT WILL BE
High Sierra Bowling Lanes
3390 South Virginia Street
Reno, NV, 89502-4502
(775) 825-1048
DIRECTONS
TIME TOURNAMENT BEGINS
12:00 PM
YOU SAVED $5.00 BY REGISTERING ONLINE
$25
CAPTAIN'S NAME (FIRST REGISTRANT)
Rick Rossiter
YOUR MAILING ADDRESS:
105 N. McCarran Blvd.
Reno, NV 89523
YOUR EMAIL ADDRESS IS:
[email protected]
YOUR PHONE NUMBER IS:
813-0850
YOUR LAST YEARS BOOK AVERAGE IS:
191
YOUR USBC MEMBER NUMBER IS:
8130-5041
NOTIFY YOU OF FUTURE TOURNAMENTS
Yes
RETURNING RENO BOWLS PLAYER
welcome back and thank you
Reno Bowls, A NexTeam LLC Company (c) 2009-2010
The NON-WORKING CODE: Even though I removed the CFIF structure. However, I have to be able to discern the number of bowlers according to the tournament the registrant is entering.
<cfquery name="addRegistration" datasource="RBDS">
INSERT INTO
tournamentReg
(tDate
,tName
,regDateTime
,regNumber
,regFName
,regLName
,streetAddr
,cityStateZip
,regPhone
,regEmail
,lastBook
,usbcCard
,regNotify
,regReturn
,regMembership
,regLeague
VALUES
<cfqueryparam cfsqltype="CF_SQL_DATE" value="#URL.tdate#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.tname#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#form.regDateTime#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#URL.regNumber#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regFName#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLName#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.streetAddr#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.cityStateZip#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regPhone#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regEmail#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.lastBook#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.usbcCard#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regNotify#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regReturn#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regMembership#">,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLeague#">
</cfquery>
According to the dump the "," syntax is incorrect, but it looks fine to me. What am I missing?
Error Occurred While Processing Request
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] Syntax error in INSERT INTO statement.
The error occurred in C:\Inetpub\wwwroot\renobowls\forms\ProcessRegistration.cfm: line 168
166 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regReturn#">,
167 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regMembership#">,
168 : <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.regLeague#">
169 :
170 : )
SQL
INSERT INTO tournamentReg (tDate ,tName ,regDateTime ,regNumber ,regFName ,regLName ,streetAddr ,cityStateZip ,regPhone ,regEmail ,lastBook ,usbcCard ,regNotify ,regReturn ,regMembership ,regLeague VALUES ( (param 1) , (param 2) , (param 3) , (param 4) , (param 5) , (param 6) , (param 7) , (param 8) , (param 9) , (param 10) , (param 11) , (param 12) , (param 13) , (param 14) , (param 15) , (param 16) )
DATASOURCE
RBDS
VENDORERRORCODE
-3502
SQLSTATE
42000
Maybe you are looking for
-
CLob update failing with PLS-00172: string literal too long
I have a clob column which needs to updated with a message on message_id Table description SQL> desc cl_message1 Name Null? Type MSG_ID NOT NULL NUMBER(10) DATA NOT NULL CLOB Update statement: variable data1 clob; begin :data1:='TESTHDR^Add^200812310
-
How do i restore all my bookmarks from an earlier version of mozilla firefox?
Firefox has been reminding me to update my Firefox version. And I did. After installing the new version, it restarted my computer. Now the first thing I did is to restore my previous tabs, the tabs that were open when i upgraded Firefox. But there we
-
I've accidently saved some web images into a folder named temp, in Volumes. I thought I was saving them to a network folder I have named Temp, but it turns out this is a hidden folder. I don't want to have to re-do these images, and I wonder if there
-
Error when I try to use the XMLElement(), XMLForest(), etc functions?
I'm getting an "invalid column name" error when I try to use the xmlelement() function (and the like). Is this function only available on 9i Release 2? How do I find the SQLX functions and/or load them up for use? Hopefully someone will see this as a
-
Install Wls6.0 on Solaris 8.0 for x86
I have a pc with Solaris 8.0 for x86 installed .I also install jre1.3 on it. When I try to install wls6.0 on it ,there comes an error message"can't find libjava.so ". I've found the file libjava.so at path "j2re1_3_0/lib/i386/" . Why the installer di