ColdFusion Replace breaking SQL query

Time: 2010-12-20 16:04:03

Tags: coldfusion

I have the following MySQL query, which is causing an error. The error is also shown below.

    SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate
    FROM    sales s LEFT JOIN saleloc sl ON sl.saleId = s.id LEFT JOIN saledates sd ON sd.saleLoc = sl.id,
            auctioneers an,
            lookupcopy st,
            lookupcopy at
    #replace(findWhere,"''","'","all")# AND
    s.id = sd.saleId AND sl.saleId = s.id
    AND an.id = s.auctioneer
    AND st.id = s.saleType
    AND at.id = s.advertType
    GROUP BY id     
    ORDER BY startDate, auctioneerName, city

Database error

SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate
FROM sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id, auctioneers an, lookupcopy st, lookupcopy at 
'WHERE s.advertType > 0 
AND s.saleType > 0 
AND sl.region = "2" ' 
AND s.id = sd.saleId 
AND sl.saleId = s.id 
AND an.id = s.auctioneer 
AND st.id = s.saleType 
AND at.id = s.advertType 
GROUP BY id 
ORDER BY startDate, auctioneerName, city 

I didn't write this code and I'm not sure why #Replace()# is being used. Can anyone see how to fix the syntax error it causes?

4 answers:

Answer 0: (score: 1)

Before the query code, do a replace as follows:

<cfset findWhere = Replace(findWhere, "''", "'", "ALL")>
<cfif Left(findWhere, 1) EQ "'">
    <cfset findWhere = Right(findWhere, Len(findWhere) - 1)>
</cfif>
<cfif Right(findWhere, 1) EQ "'">
    <cfset findWhere = Left(findWhere, Len(findWhere) - 1)>
</cfif>

<cfquery name="qry" datasource="mysql">
SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate
FROM    sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id,
        auctioneers an,
        lookupcopy st,
        lookupcopy at
#findWhere# AND
s.id = sd.saleId AND sl.saleId = s.id
AND an.id = s.auctioneer
AND st.id = s.saleType
AND at.id = s.advertType
GROUP BY id     
ORDER BY startDate, auctioneerName, city
</cfquery>

Answer 1: (score: 0)

The value stored in findWhere includes single quotes at the beginning and end of the string.

Answer 2: (score: 0)

On another note: unless you built findWhere without any direct user input values, you need to protect it.

Better:

...
WHERE 1 = 1
<cfif listFind( 'foo' , findWhere )>
AND foo = 2

<cfelseif listFind( 'bar' , findWhere )>
AND bar = 209

</cfif>
...
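
The approach Answer 2 points to, as an added example that is not code from the original thread: each filter value is bound with cfqueryparam and the sort column is picked from an allow-list, so no pre-built WHERE string is interpolated into the query. The inputs url.region, url.auctioneer and url.sort, the integer column types, the shortened column list and the query name qrySales are assumptions.

```cfml
<!--- Added example. Input names, column types and qrySales are assumptions. --->
<cfparam name="url.region" default="">
<cfparam name="url.auctioneer" default="">
<cfparam name="url.sort" default="startDate">

<!--- Identifiers cannot be bound as parameters, so map the requested
      sort key to a fixed column name; unknown keys fall back to the default. --->
<cfset sortColumns = structNew()>
<cfset sortColumns["startDate"] = "sd.startDate">
<cfset sortColumns["city"] = "sl.city">
<cfset sortColumns["heading"] = "s.heading">
<cfset orderBy = sortColumns["startDate"]>
<cfif structKeyExists(sortColumns, url.sort)>
    <cfset orderBy = sortColumns[url.sort]>
</cfif>

<cfquery name="qrySales" datasource="mysql">
SELECT s.id AS id, s.heading AS heading, sl.city AS city, sd.startDate AS startDate
FROM sales s
LEFT JOIN saleloc sl ON sl.saleId = s.id
LEFT JOIN saledates sd ON sd.saleLoc = sl.id
WHERE s.advertType > 0
  AND s.saleType > 0
<!--- Optional filters: added only when the input validates, and always bound. --->
<cfif isValid("integer", url.region)>
  AND sl.region = <cfqueryparam value="#url.region#" cfsqltype="cf_sql_integer">
</cfif>
<cfif isValid("integer", url.auctioneer)>
  AND s.auctioneer = <cfqueryparam value="#url.auctioneer#" cfsqltype="cf_sql_integer">
</cfif>
<!--- orderBy is one of the fixed strings above, never the raw url.sort value. --->
ORDER BY #orderBy#
</cfquery>
```

Because the conditions are written inside the query rather than carried in a string variable, the quote handling that Replace() was compensating for does not arise.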

Answer 3: (score: 0)

To clarify, I don't believe you can do a distinct and a group by statement in the same query.

They both do the same thing, but for different reasons.