 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / ColdFusion / Getting Started / August 2006problem with *.cfc file whilst using SES url script
I have obtained a UDF script for my site to produce SES urls. I have implemented said script and called the function on the page. When I visit a link that has been amended (i.e. I have inserted "/" instead of "?") I receive an error regarding my cfc page. The error is to do with this line in my products.cfc file: WHERE products.product_id = #arguments.prodID# The page that has the script has this line: <cfparam name="URL.prodID" default=""> so I thought there would be no problem. The link I am attempting to amend is like this: http://www.flooringsupplies.co.uk/productdetails.cfm?productID=875&type=realwood &cat=Kahrs I have tried changing the "productID" to "prodID" but still no resolution. Any help would be greatly appreciated. Thanks Danielle Your query is executing as WHERE products.product_id = Which is illegal. You're telling SQL to find a row based on a number and then giving it nothing. This results in a syntax error. If you supply a number or write your query with single quotes it will not raise an error. Changing your param's default value to a number which is not a valid ID will not throw the error and return no results in this case: <cfparam name="URL.prodID" default=0> This will remedy your SQL error (unless you have a product with ID 0, you could use -1 if that's the case) I would recommend however that you dcualre your argument for productID in the cfc as numeric. In this way the CFC will raise an error before the SQL executes when anything besides a number is passed to it. You want to verify all data that you pass to a dynamic SQL statement to avoid SQL injection attacks. An example of the code would look like: <cfargument name="ProductID" type="numeric" required="yes"> <cfquery name="qName" datasource="DSN"> SELECT Column FROM Table WHERE ProductID = <cfqueryparam value="#Arguments.ProductID#" cfsqltype="CF_SQL_INTEGER"> </cfquery> thank you for your help, although I think this is more advanced than I first realised, plus working on someone elses work/structure, that I did not produce originally. When verifying the data is numeric, I receive the following error: "The argument PRODID passed to function prodDetailbyID() is not of type numeric. " on page http://www.flooringsupplies.co.uk/1productdetails.cfm/productID/2832/type/solid/ cat/ I changed the type to "any" to see if I could learn about the error and acertain where I need to change things but created an error "Invalid data for CFSQLTYPE CF_SQL_INTEGER. ". I thought it might be down to the type of column, so I checked and the product_id column is BIGINT so it seems to be numeric. Im not sure what to change now. Thanks Danielle First thing I would try is to copy out the query, paste it into another template, change the variables to static values and see if it runs correctly. <cfquery ...> SELECT FOO FROM Table WHERE ID = 1 </cfquery> If your query works then you eliminated that as your cuplrit. Then on the test page I would delete the query and add just the code needed to call the function which runs the query. I would enter the argument as a static value. <cfset Test = GetDataByProduct(1)> If this returns you ruled out one more thing. You could then go back to your problem page and add something like this above your function call <cfoutput>#URL.ProdID#</cfoutput> <cfabort> Is ts a number? Blank? Test that: <cfoutput>#IsNumeric(URL.ProdID)#</cfoutput> <cfabort> If its not a number, why? Is there some other character in there? Is it blank? Basically work backwards. Take parts that work and slowly change them to see what is breaking and when. I hope this helps. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.