0

I am trying to pass the ID of a username through the URL (this part works), then on to the next page where I display the user's information. However, I cannot get the latter part to work correctly. Below is my code.

Working URL code:

<a href="memberdetails.cfm?id='#custlist.customerID#'">#custlist.userName#<br />

The non working part:

<cfquery name="custlist" datasource="homesource">
       id = $_GET['customerID'] ;
   SELECT * FROM customers WHERE customerID = id
</cfquery>

Any help with this problem would be welcomed. I am just starting to learn ColdFusion (like today). This application is just for me playing about, testing the waters. So if possible, no debates on me passing the id through the url.

4

4 Answers

7

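To reference a URL variable, just reference it with the url. prefix. You are passing customerID to the id parameter, so you would specify url.id. In a string, you need to surround it with pound signs: "#url.id#"

Here is how to change the query to use the URL variable from your example: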

<cfquery name="custlist" datasource="homesource">
    SELECT * 
    FROM customers 
    WHERE customerID = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

For extra security, be sure to use cfqueryparam to bind variables into your SQL.

answered 2013-04-10T15:38:09.893
1

The other answers have already told you how to solve the problem at hand. This is extra stuff. You have this:

<cfquery name="custlist" datasource="homesource">
id = $_GET['customerID'] ;
SELECT * FROM customers WHERE customerID = id
</cfquery>

The error is using PHP code in a ColdFusion application. Of course this is silly, but you could do this:

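<cfquery name="custlist" datasource="homesource">
<!--- The link passes the value as "id", so it arrives as url.id --->
<cfset id = url.id>
SELECT * FROM customers WHERE customerID = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#">
</cfquery>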

The point is that you can put other ColdFusion tags inside a cfquery block. Here is a more practical example.

<cfquery name="custlist" datasource="homesource">
SELECT * 
FROM customers 
<!--- Check and bind the same key the link sends (id) --->
<cfif StructKeyExists(url,"id")>
WHERE customerID = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.id#">
</cfif>
</cfquery>
answered 2013-04-10T16:05:32.750
0
<cfquery name="custlist" datasource="homesource">
   <!--- The link passes the value as "id", so bind url.id --->
   SELECT * FROM customers WHERE customerID = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.id#">
</cfquery>

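Never use client data directly in a query, in this case the URL. The integer param will stop all SQL injection hack attempts. Because of the way the database communication happens (SQL prepared statements), it also improves performance.

answered 2013-04-10T15:37:04.570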
-1

I'd suggest buying a book on ColdFusion, as this is the most basic stuff they teach you.

<cfquery name="custlist" datasource="homesource">
   SELECT * FROM customers WHERE customerID = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.id#">
</cfquery>
answered 2013-04-10T15:36:52.567
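
A sketch of a complete memberdetails.cfm that combines the answers above; this is an added example, not code from any poster in the thread. It assumes the link sends a bare integer (id=42, without the single quotes used in the question's link, which would arrive as part of the value and fail the integer binding), that encodeForHTML is available (ColdFusion 10 or later, or Lucee), and the query name custdetail is hypothetical.

```cfml
<!--- memberdetails.cfm: added example, not code from the thread --->
<!--- Assumption: the link is memberdetails.cfm?id=42 (no quotes around the value) --->

<!--- Reject a missing or non-numeric id before touching the database.
      Up to 9 digits always fits in a 32-bit cf_sql_integer. --->
<cfif NOT structKeyExists(url, "id") OR NOT reFind("^[0-9]{1,9}$", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid customer id.</cfoutput>
    <cfabort>
</cfif>

<!--- Select only the columns the page shows. The id travels as a bound
      parameter, so it is never parsed as SQL text. --->
<cfquery name="custdetail" datasource="homesource">
    SELECT customerID, userName
    FROM customers
    WHERE customerID = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- A well-formed id that matches no row is a separate case from a bad id --->
<cfif custdetail.recordCount EQ 0>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>No such customer.</cfoutput>
    <cfabort>
</cfif>

<!--- Encode stored values on output so they cannot inject markup --->
<cfoutput>
    <h1>#encodeForHTML(custdetail.userName)#</h1>
    <p>Customer ID: #custdetail.customerID#</p>
</cfoutput>
```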