ColdFusion查询查询通配符LIKE条件不适用于单引号?

时间:2014-03-18 01:54:01

标签: coldfusion coldfusion-8 sql-like cfquery qoq

我有一个查询查询,它对变量字符串执行LIKE条件:

当变量包含一个包含单引号的单词时,会返回一些结果,但不是全部:

<cfset _myVar = "Women's" />

<cfquery name="_qData" dbtype="Query">
    SELECT 
        ID
    FROM   MyQoQ
    WHERE  NAME LIKE '%#_myvar#%'
        OR DESCRIPTION LIKE '%#_myvar#%'
</cfquery>

当变量包含多个单词,并且其中一个单词包含单个引号时,不会返回任何记录:

<cfset _myVar = "Women's Initiative" />

<cfquery name="_qData" dbtype="Query">
    SELECT 
        ID
    FROM   MyQoQ
    WHERE  NAME LIKE '%#_myvar#%'
        OR DESCRIPTION LIKE '%#_myvar#%'
</cfquery>

我已尝试PreserveSingleQuotes()以及使用CFQUERYPARAM包装变量,但是,无效 - 我得到相同的结果。

有没有办法让这项工作?

添加一个repro案例

<cfset myQuery = queryNew('hello')>
<cfset queryAddRow(myQuery,5)>
<cfset querySetCell(myQuery,"hello","what up",1)>
<cfset querySetCell(myQuery,"hello","what's up",2)>
<cfset querySetCell(myQuery,"hello","what's up friends",3)>
<cfset querySetCell(myQuery,"hello","what u",4)>
<cfset querySetCell(myQuery,"hello","what",5)>
<cfdump var="#myQuery#">

<cfquery name="res" dbtype="query">
SELECT *
FROM myQuery
WHERE hello LIKE <cfqueryparam cfsqltype="cf_sql_varchar" value="%$what's up%">
</cfquery>

<cfdump var="#res#">

Railo 4.1.1.009 - 返回两个结果(第2行和第3行) ColdFusion 10,0,13,287689 - 不返回任何结果 如果我将SQL更改为

WHERE hello LIKE '%what''s up%'

我仍然没有结果

2 个答案:

答案 0 :(得分:1)

aarh !!经典的皇后疼痛案例。

要解决此问题,您必须添加额外的&#39;对每一个人来说在你的搜索词中,通过逃避它。 

<cfset myQuery = queryNew('hello')>
<cfset queryAddRow(myQuery,5)>
<cfset querySetCell(myQuery,"hello","what up",1)>
<cfset querySetCell(myQuery,"hello","what's up",2)>
<cfset querySetCell(myQuery,"hello","what's up friends",3)>
<cfset querySetCell(myQuery,"hello","what u",4)>
<cfset querySetCell(myQuery,"hello","what",5)>
<cfdump var="#myQuery#">

<cfset  x = "what's up" />

<cfquery name="res" dbtype="query">
SELECT *
FROM myQuery
WHERE hello LIKE <cfqueryparam cfsqltype="cf_sql_varchar" value="#replace(x, "'", "''", "all")#%">
</cfquery>

<cfdump var="#res#">

如果您直接执行此操作,如上所述,

WHERE hello LIKE '%what''s up%'

解析器正在疯狂。但是,如果通过函数返回值传递值,则通过变量以某种方式对值进行运行时赋值会使解析器满意。

我记得在发送用&#39;;&#39;分隔的多个SQL语句时使用这些技巧。在cfquery。直接写

"DECLARE x NUMBER; SELECT 2 INTO x FROM DUAL;"
在cfquery中失败,但是将它们分配给一个字符串,然后将字符串作为任何字符串操纵函数(lcase,ucase等)的返回值发送,效果很好。

注意:问题已解决,但如果我的解释和方法不同,请随时更正并发表评论。

答案 1 :(得分:1)

我正在运行ColdFusion 10 u13。

修改您的回购代码似乎有效:

<cfset myQuery = queryNew('hello')>
<cfset queryAddRow(myQuery,5)>
<cfset querySetCell(myQuery,"hello","what up",1)>
<cfset querySetCell(myQuery,"hello","what's up",2)>
<cfset querySetCell(myQuery,"hello","what's up friends",3)>
<cfset querySetCell(myQuery,"hello","what u",4)>
<cfset querySetCell(myQuery,"hello","what",5)>
<cfdump var="#myQuery#">

<cfquery name="res" dbtype="query">
SELECT *
FROM [myQuery]
WHERE [hello] LIKE <cfqueryparam cfsqltype="cf_sql_varchar" value="%what''s up%">
</cfquery>

请注意&lt; cfqueryparam&gt;中的双引号。标签。像Dan一样,我会想到&lt; cfqueryparam&gt;标签会自动为您处理此问题。也许这是QoQ中的一个错误?

相关问题
最新问题