cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

SQL query and CFOUTPUT question

pkonshak
New Here ,
May 04, 2010 May 04, 2010

Copy link to clipboard

Copied

Hi,

I'm trying to compare two tables in a database.  I need to output a few fields from one table, compare one field between the two tables.  Users are selecting the tables.  I have written an SQL query which does what I need:

<cfquery name="getitems" datasource="snapshot">
select #endtable#.field9, #endtable#.field12, #endtable#.field4, #endtable#.field13, #endtable#.field2, #endtable#.field3, #starttable#.field3
from #endtable#, #starttable#
where #endtable#.field5='#form.field5#'
and #starttable#.field2=#endtable#.field2
</cfquery>

Problem is on output.  You can see I am selecting field3 from two tables.  I also want to output both field3 values.

<cfoutput query="getitems">

#field3#

</cfoutput>

This gives me the value which was selected as #endtable#.field3.

How can I output the other -- #starttable#.field3?

As noted, the table names are variables being passed into the query...  Thanks!

Peter

TOPICS
Advanced techniques

Views

782

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

-__cfSearching__-
Valorous Hero , May 04, 2010 May 04, 2010

How can I output the other -- #starttable#.field3?

Use an alias to give the fields different names ie table.column AS SomeName. Otherwise, cfquery may not know which field you mean when you say "field3".

select #endtable#.field9, #endtable#.field12,

Be careful using this type of sql. Depending on the source of your variables, this can pose a sql injection risk.

Votes

Translate

Translate
replies 5 Replies 5
latest latest Jump to latest reply
-__cfSearching__-
Valorous Hero ,
May 04, 2010 May 04, 2010

Copy link to clipboard

Copied

How can I output the other -- #starttable#.field3?

Use an alias to give the fields different names ie table.column AS SomeName. Otherwise, cfquery may not know which field you mean when you say "field3".

select #endtable#.field9, #endtable#.field12,

Be careful using this type of sql. Depending on the source of your variables, this can pose a sql injection risk.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pkonshak
New Here ,
May 04, 2010 May 04, 2010

Copy link to clipboard

Copied

In Response To -__cfSearching__-

Thank you, that worked beautifully!  Another trick learned..

Also, thanks for the sql injection warning -- I am cleaning the input before passing it into the query.  Much appreciated!

Peter

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dan_Bracuk
LEGEND ,
May 04, 2010 May 04, 2010

Copy link to clipboard

Copied

In Response To pkonshak

Regarding:

I am cleaning the input before passing it into the query

Even this one?

'#form.field5#'

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pkonshak
New Here ,
May 05, 2010 May 05, 2010

Copy link to clipboard

Copied

In Response To Dan_Bracuk

Hi,

The #form.field5# comes via a select list....no user input of data.

I suppose it is still possible to be compromised.  I'll fix that.  Thanks!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
-__cfSearching__-
Valorous Hero ,
May 05, 2010 May 05, 2010

Copy link to clipboard

Copied

LATEST
In Response To pkonshak

The #form.field5# comes via a select list....no user input

of data....

Someone could easily construct a fake http post, with malicious sql in the "form" fields, and submit it to your action page. That is why it is vulnerable.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices