Comments on: cfqueryparam does not work in ORDER BY, what are my options? http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/ Rich Internet Application development Tue, 31 Jan 2012 15:10:27 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Michael Sharman http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-83176 Michael Sharman Thu, 27 Nov 2008 20:18:05 +0000 http://www.chapter31.com/?p=447#comment-83176 @Sebastiaan - thank for that, Pete is a master and that's yet another good resource. Speaking of his last example I prefer this way of handling NULLs in cfqueryparams: http://www.chapter31.com/2007/02/04/cfqueryparam-and-conditional-handling-of-nulls/ @Sebastiaan – thank for that, Pete is a master and that’s yet another good resource.

Speaking of his last example I prefer this way of handling NULLs in cfqueryparams:

http://www.chapter31.com/2007/02/04/cfqueryparam-and-conditional-handling-of-nulls/

]]> By: Sebastiaan http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-83154 Sebastiaan Thu, 27 Nov 2008 15:05:38 +0000 http://www.chapter31.com/?p=447#comment-83154 How about this article by Pete Freitag that addresses the times when you can NOT use CFQUERPYPARAM: http://www.petefreitag.com/item/677.cfm How about this article by Pete Freitag that addresses the times when you can NOT use CFQUERPYPARAM: http://www.petefreitag.com/item/677.cfm

]]> By: Michael Sharman http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-82416 Michael Sharman Sat, 22 Nov 2008 23:26:33 +0000 http://www.chapter31.com/?p=447#comment-82416 @Mike, thanks for your comment. Agreed that we all need reminding on these types of things every now and then :) I think we need a specific post on <cfprocpram> as well for those using stored procedures. Same in theory but it's always nice to see examples. @Mike, thanks for your comment. Agreed that we all need reminding on these types of things every now and then :)

I think we need a specific post on <cfprocpram> as well for those using stored procedures. Same in theory but it’s always nice to see examples.

]]> By: Michael Sharman http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-82413 Michael Sharman Sat, 22 Nov 2008 23:20:08 +0000 http://www.chapter31.com/?p=447#comment-82413 @Justin, yeah I saw that one but as mentioned by Ben I like the exception handling a bit better when you're using a simple list. You could always wrap a try/catch around the <cfparam> but I think the "list" way is a bit more readable. Re: the 2nd post...yep that is cool, I'll have to remember that! @Justin, yeah I saw that one but as mentioned by Ben I like the exception handling a bit better when you’re using a simple list. You could always wrap a try/catch around the <cfparam> but I think the “list” way is a bit more readable.

Re: the 2nd post…yep that is cool, I’ll have to remember that!

]]> By: Mike Kelp http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-82370 Mike Kelp Sat, 22 Nov 2008 16:55:38 +0000 http://www.chapter31.com/?p=447#comment-82370 This is a great post as it is very simple but very often forgotten. The cfqueryparam tag simply parameterizes query values for databases that support it and only in places that they support it. Query parameters regardless of language can only work in situations where the database server's sql can support variables. For SQL server (and most databases) this does not include order by or TOP (the other big one that developer's often forget). Thanks for a good reminder to all of us. This is a great post as it is very simple but very often forgotten. The cfqueryparam tag simply parameterizes query values for databases that support it and only in places that they support it.

Query parameters regardless of language can only work in situations where the database server’s sql can support variables. For SQL server (and most databases) this does not include order by or TOP (the other big one that developer’s often forget).

Thanks for a good reminder to all of us.

]]> By: Justin Carter http://www.chapter31.com/2008/11/22/cfqueryparam-does-not-work-in-order-by-what-are-my-options/comment-page-1/#comment-82362 Justin Carter Sat, 22 Nov 2008 15:40:10 +0000 http://www.chapter31.com/?p=447#comment-82362 Another interesting way I noticed recently was in Ben Nadel's discussion on sanitising table names (which of course can apply to column names and other SQL keywords such as ASC/DESC), by using cfparam: http://www.bennadel.com/blog/1396-Ask-Ben-Dynamic-Table-Names-In-ColdFusion-Queries.htm e.g. As Ben also notes in a followup post the regex pattern here matches the entire value (i.e. it implicitly uses the caret (^) to match the start of the string and the dollar sign ($) to match the end): http://www.bennadel.com/blog/1398-ColdFusion-CFParam-Regex-Validation-Tests-Whole-Value.htm Another interesting way I noticed recently was in Ben Nadel’s discussion on sanitising table names (which of course can apply to column names and other SQL keywords such as ASC/DESC), by using cfparam:
http://www.bennadel.com/blog/1396-Ask-Ben-Dynamic-Table-Names-In-ColdFusion-Queries.htm

e.g.

As Ben also notes in a followup post the regex pattern here matches the entire value (i.e. it implicitly uses the caret (^) to match the start of the string and the dollar sign ($) to match the end):
http://www.bennadel.com/blog/1398-ColdFusion-CFParam-Regex-Validation-Tests-Whole-Value.htm

]]>