|
.............................
Cold Fusion .... SQL
Syntax
Dynamic
Parameters in SQL statements:
= passing user entered data from an HTML form to a database
SQL request statement.
<CFquery ..........Sql-statement
<CFquery ...> ....SELECT * FROM tableName
WHERE fieldName_FirstName = 'Dale'
<CFquery ...> ....SELECT * FROM tableName
WHERE fieldName_FirstName = '#form.varableName#'
Cold Fusion can searches:
............Form's , URL's , cookies , client
and CGI environments information for variableName
Source's:
............form fields
............URL parameters ........../aaade/input.cfm?name=joe
............CGI environment variables
............Other queries..................#justRunQueryName.FieldName#
............Cookies............cookie variable
............Client Variables.....in system
registry on the web-server
HTML Form ...Query Front End.....the common way to implement Dynamic
SQL parameters!
<Form ACTION="getCFpage.CFM" METHOD="post">
<PRE>
......Enter your first name: <input type="text"
name="variable_Fname">
.......................................<input
type="Submit" value"SQLsearch">
</PRE>
</Form>
The Form varable are know as: ...........
variable_Fname
CFoutPut varible usage:
........... <CFoutput> literal-text
#Form.variable_Fname#</CFoutput>
.CFquery variable usage:
..............<CFquery.... >
.............................select * from
DataBaseTABLEname
...................................where
DataBaseFieldname_firstname = "# variable_Fname#
...............</CFquery>
SQL Search by a patern rathar than literal
text; use the:
............. SQL LIKE operator in combinationw with the wildcard character
( % )
select * from dbTableName where Fname LIKE '#variable_Fname#%'
.............finds dbrows where Fname starts with user-input-data
Include a Comment in your *.cfm
page
in HTML pages:....... .. . . ...............in
CFM pages(note 3 dashes)
<!-- comments --> . . . . . . . . . . . .
. . . <!--- comments --->
|