7 Replies Latest reply on Apr 29, 2009 7:31 AM by GrumpyJoe

    Verity search results showing SQL code

    ssailer Level 1
      This site is still in development and that's why the domain hasn't transferred yet: http://financial-strategist.dataride-previews.com/index.cfm. If you perform a search for the word business, for example, some of the search results display the SQL query code. How can I eliminate this from being included in the search results?

      My results page is as follows:
      name = "fs_search"
      collection = "fsdocs, affdocs, bodocs, profdocs, wibdocs"
      criteria = "#Form.Criteria#"
      maxrows = "35">

      <CFOUTPUT QUERY="fs_search">
      <a href="#url#"><strong>#Title#</strong></a> <br>
      #Summary# <br />
      <br />
        • 1. Re: Verity search results showing SQL code
          Fetch Level 1
          I found a similar problem on Experts-Exchange, seen here:

          http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup _Language/Q_23842771.html

          Basically, the solution was to strip the HTML when populating the verity collection.
          • 2. Re: Verity search results showing SQL code
            sanman Level 1

            I am having the same issue. It does not look good when a search returns code like "select * from catagory...." in the search result page.


            I looked at the expert exchange solution but it only strips the tags/html so basically the <cfquery> .. part is removed but the actual query "select * ... " still shows up on the results.


            How can we remove such sql codes totally?

            • 3. Re: Verity search results showing SQL code
              sanman Level 1

              I'm surprised that I haven't been able to get any pointers on this.


              Searching is an important part of site design and if CF is showing sql codes then it's not good from security standpoint.


              I need to fix this! Anyone have any suggestions?

              • 4. Re: Verity search results showing SQL code
                CFMXPrGrmR Level 2

                There are two ways Verity can index your CF pages (that I know of). One is to do it through the CF Admin Verity Collection and the other is the command line vspider.exe. I believe only the vspider will actually process your CF pages (processing your SQL as well) and the Verity Collection method in the CF Admin will only "read" your CF pages, this "reading" will just display what's in the pages (minus CF includes, etc.).


                I could be wrong in this of course because I've learned by trial and error. My experience has been the CF community sites (this one, HOF and Dev Shed) are very slim on Verity help. So I'd say RTFM as much as you can. HTH

                • 5. Re: Verity search results showing SQL code
                  sanman Level 1

                  Haven't found anything in the manual.


                  I'm using verity collection and i guess the engine actually indexes the pages on the server itself ie. cfm pages on source level. When you do a search for the word "select" you can actually see the queries in the search results.


                  Hasn't anyone gone through this issue??


                  If there is not answer to this, what is a good alternative as far as keeping a search option in your site that searches throught the pages in your site?

                  • 6. Re: Verity search results showing SQL code
                    CFMXPrGrmR Level 2

                    You're able to query the Verity results themselves and exclude the SELECT statements.


                    SELECT  *

                    FROM    verity_results

                    WHERE   CONTEXT        NOT LIKE <cfqueryparam cfsqltype="cf_sql_char" value="%SELECT%" />

                    • 7. Re: Verity search results showing SQL code

                      Whenever I've used Verity I've populated it via data, not page crawls - if your content pages contain SQL then SQL will be collated into Verity - no way around that - also every other piece of CF code as well.


                      A separation of content from logic (via MVC methods) would mean you could point verity at the content without seeing coldfusion code, or add the SQL code via cfinclude and leave the content pages as just content.


                      I have no easy way to fix it other than those suggestions really.  If you intermingle content and logic this will happen.