coldfusion - Is it possible to dynamically create a query and escape the values too using cfscript+cfquery+cfqueryparam?


I'm still new to ColdFusion. I'm dynamically creating a query for Oracle. I have used cfquery/cfparam in the past, but I would rather use cfscript to accomplish this, as it is more readable. It is intended to be a large 'insert ... into.'

Here's a basic example of what I have so far:

<cfscript>
clinicnil = structnew();
clinicnil.address1 = 'line 1';
clinicnil.address2 = 'line 2';

myfields = [
     'address1'
    ,'address2'
];

query = querynew("");
sql = "insert all";

// build one "into ... values(...)" clause per field
for (i=1; i lte arraylen(myfields); i=i+1) {

    sql = sql & "into notinlist (sourcetable, sourcecolumn, sourcepk, enteredvalue, insertdate, updateddate, insertedby, updatedby) values(";
    // [..]

    // how do i dynamically escape the value below?
    sql = sql & escapetheparameterhere( clinicnil[ myfields[i] ]);

    // [..]
    sql = sql & ") ";
}

writeoutput( query );
</cfscript>

Where I have 'escapetheparameterhere', I want to be able to have the value escaped somehow. How can I escape the value?

While I'm here, are there any resources or references for CF?

You can bind parameters using the addparam function of the cfscript query object, like cfqueryparam works. I had to convert your example a bit to work on my MSSQL box, and to a smaller version of your table, but it should give you the general idea.

<cfscript>
clinicnil = structnew();
clinicnil.address1 = 'line 1';
clinicnil.address2 = 'line 2';

myfields = [
     'address1'
    ,'address2'
];

query = new query();
// you may need to use the query methods setdatasource, setusername and setpassword to configure the query

//sql = "insert all" & chr(13) & chr(10);
sql = "";

for (i=1; i lte arraylen(myfields); i=i+1) {

    // bind the value under a generated name; only the placeholder goes into the sql string
    query.addparam(name="address"&i,value=clinicnil[ myfields[i] ],cfsqltype="varchar");

    sql = sql & "insert notinlist (address) values(";
    sql = sql & ":address" & i;
    sql = sql & ")" & chr(13) & chr(10);
}

queryresult = query.execute(sql=sql);
</cfscript>

The magic is the :paramname in the SQL string, which will have its associated parameter replaced during the execute call with the escaped parameter.
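
The same binding approach applied to the Oracle INSERT ALL form from the question, as an added example (not code from the question or the answer). It assumes CF11+ or Lucee for queryExecute, a hypothetical datasource named myOracleDsn, and that notinlist accepts rows with only sourcecolumn and enteredvalue set; buildInsertAll is a hypothetical helper name.

```cfml
<cfscript>
// Added example: build one Oracle INSERT ALL statement with named bind parameters.
// Only generated placeholder names (:col1, :val1, ...) are concatenated into the
// SQL text; every value travels separately in the params struct.
function buildInsertAll(required struct source, required array fields) {
    var sql = "INSERT ALL" & chr(10);
    var params = {};

    for (var i = 1; i <= arrayLen(fields); i++) {
        var field = fields[i];

        // Fail early instead of inserting a row for a field that has no value.
        if (!structKeyExists(source, field)) {
            throw(type="InvalidField", message="No value supplied for field #field#");
        }

        sql &= "  INTO notinlist (sourcecolumn, enteredvalue) VALUES (:col#i#, :val#i#)" & chr(10);
        params["col#i#"] = { value: field,         cfsqltype: "cf_sql_varchar" };
        params["val#i#"] = { value: source[field], cfsqltype: "cf_sql_varchar" };
    }

    // Oracle requires a subquery to terminate INSERT ALL.
    sql &= "SELECT * FROM dual";
    return { sql: sql, params: params };
}

// Constructed sample data; the second value contains a quote on purpose.
clinicnil = { address1: "line 1", address2: "O'Brien Clinic" };
stmt = buildInsertAll(clinicnil, ["address1", "address2"]);

// The generated SQL contains placeholders only, never the values themselves.
writeOutput("<pre>" & encodeForHTML(stmt.sql) & "</pre>");

// myOracleDsn is an assumed datasource name.
queryExecute(stmt.sql, stmt.params, { datasource: "myOracleDsn" });
</cfscript>
```

Binding covers values only. Table and column names cannot be bound, so they stay as literals in the SQL text here rather than being built from request data.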

