arc*_*123 1 sql sql-server coldfusion
我有这个插入标签:
<cfquery name="aoi_results" datasource="buyerhero" >
INSERT INTO polygons(tract, user, name, type, center, radius, north, south, east, west, verticies)
VALUES('#url.tract#', '#url.user#', '#url.name#', '#url.type#','#url.center#', '#url.radius#', '#url.north#', '#url.south#', '#url.east#', '#url.west#', '#url.verticies#');
</cfquery>
对于此查询,并非使用所有字段.有些记录有center and radius,有些有north, south, east, and west,有些有verticies.任何未使用的字段都为null.
如何编写语句,以便类型后的每个字段都是可选的?
谢谢
cfparam如果它们没有被传入,你可以使用默认你的url params为空.然后,在你的查询中你可以使用的null属性cfqueryparam.该null属性是一个布尔值,如果为true,它将传入null.
<cfparam name="URL.tract" default="" />
<cfparam name="URL.user" default="" />
<cfparam name="URL.name" default="" />
<cfparam name="URL.type" default="" />
<cfparam name="URL.center" default="" />
<cfparam name="URL.radius" default="" />
<cfparam name="URL.north" default="" />
<cfparam name="URL.south" default="" />
<cfparam name="URL.east" default="" />
<cfparam name="URL.west" default="" />
<cfparam name="URL.verticies" default="" />
<cfquery name="aoi_results" datasource="buyerhero" >
INSERT INTO polygons(tract, user, name, type, center, radius, north, south, east, west, verticies)
VALUES(
<cfqueryparam value="#URL.tract#" cfsqltype="cf_sql_integer" />
,<cfqueryparam value="#URL.user#" cfsqltype="cf_sql_varchar" />
,<cfqueryparam value="#URL.name#" cfsqltype="cf_sql_varchar" />
,<cfqueryparam value="#URL.type#" cfsqltype="cf_sql_integer" />
,<cfqueryparam value="#URL.center#" cfsqltype="cf_sql_float" null="#len(URL.center) EQ 0#" />
,<cfqueryparam value="#URL.radius#" cfsqltype="cf_sql_float" null="#len(URL.radius) EQ 0#" />
,<cfqueryparam value="#URL.north#" cfsqltype="cf_sql_float" null="#len(URL.north) EQ 0#" />
,<cfqueryparam value="#URL.south#" cfsqltype="cf_sql_float" null="#len(URL.south) EQ 0#" />
,<cfqueryparam value="#URL.east#" cfsqltype="cf_sql_float" null="#len(URL.east) EQ 0#" />
,<cfqueryparam value="#URL.west#" cfsqltype="cf_sql_float" null="#len(URL.west) EQ 0#" />
,<cfqueryparam value="#URL.verticies#" cfsqltype="cf_sql_float" null="#len(URL.verticies) EQ 0#" />
);
</cfquery>
我猜对了cfsqltype,你必须自己验证一下.null如果len()为0,则该属性将列设置为null,并且所有URL参数默认为空白cfparam
最重要的是,你应该经常使用cfqueryparam.将URL变量传递给查询只是要求使用SQL注入攻击进行攻击.阅读learncfinaweek上的查询参数部分,了解有关此内容的更多信息.
| 归档时间: |
|
| 查看次数: |
92 次 |
| 最近记录: |