为什么这个冷血查询不起作用?

时间:2014-03-25 20:45:32

标签: sql coldfusion cfquery

我遇到了尝试使用此cfquery更新SQL表的问题。这是冷聚变的代码:

    <CFSET dateTimes=DateFormat(Now(),"mm\dd\yyyy")>
    <CFQUERY NAME="updateTime" DATASOURCE="#this_datasource#">
        UPDATE users
        SET ACTIVITYDATE = CAST(#dateTimes# AS smalldatetime)
        WHERE username = '#Form.login_username#'
        AND Password = '#Form.Password#'
    </CFQUERY>

当试图执行此操作时,它给了我:

    Error Executing Database Query. [Macromedia][SQLServer JDBC Driver]   [SQLServer]Incorrect syntax near '\25'. 
    The error occurred on line 19.

另一件事是sal_var的类型,ACTIVITYDATE是smalldatetime。我也尝试过没有强制转换,只做普通#dateTimes#var。我也尝试过cfqueryparam也没用。提前感谢您的帮助!

2 个答案:

答案 0 :(得分:3)

用于SQL Server datetime / smalldatetime值的cfqueryparam cfsqltype是cf_sql_timestamp。您可以按如下方式重新编写代码:

<CFSET dateTimes=DateFormat(Now(),"mm/dd/yyyy")>
<CFQUERY NAME="updateTime" DATASOURCE="#this_datasource#">
    UPDATE users
    SET ACTIVITYDATE = <cfqueryparam value="#dateTimes#" cfsqltype="cf_sql_timestamp">
    WHERE username = <cfqueryparam value="#Form.login_username#" cfsqltype="cf_sql_varchar">
    AND Password = <cfqueryparam value="#Form.Password#" cfsqltype="cf_sql_varchar">;
</CFQUERY>

建议使用cfqueryparam以避免SQL注入漏洞。

请参阅:https://wikidocs.adobe.com/wiki/display/coldfusionen/cfqueryparam

答案 1 :(得分:0)

改变这个:

SET ACTIVITYDATE = CAST(#dateTimes# AS smalldatetime)

到此:

SET ACTIVITYDATE = GetDate()

或者,如果您不想要时间组件

SET ACTIVITYDATE = cast(GetDate() as date)

虽然您可以发送ColdFusion变量,但是没有必要这样做,为什么要这么麻烦?