Ersetzen in ColdFusion Verderben SQL-Abfrage

Question

Ich habe die folgende MySQL-Abfrage, es verursacht einen Fehler, der Fehler ist auch unten.

SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
    FROM sales s LEFT JOIN saleloc sl ON sl.saleId = s.id LEFT JOIN saledates sd ON sd.saleLoc = sl.id, 
      auctioneers an, 
      lookupcopy st, 
      lookupcopy at 
    #replace(findWhere,"''","'","all")# AND 
    s.id = sd.saleId AND sl.saleId = s.id 
    AND an.id = s.auctioneer 
    AND st.id = s.saleType 
    AND at.id = s.advertType 
    GROUP BY id  
    ORDER BY startDate, auctioneerName, city 

Fehler aus der Datenbank

SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
FROM sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id, auctioneers an, lookupcopy st, lookupcopy at 
'WHERE s.advertType > 0 
AND s.saleType > 0 
AND sl.region = "2" ' 
AND s.id = sd.saleId 
AND sl.saleId = s.id 
AND an.id = s.auctioneer 
AND st.id = s.saleType 
AND at.id = s.advertType 
GROUP BY id 
ORDER BY startDate, auctioneerName, city 

Ich habe nicht den Code schreiben, und ich bin mir nicht sicher, warum die #replace() # verwendet wird, kann jeder sehen, wie die Syntaxfehler zu beheben es verursacht?

Answer 1

Before the query code, do a replace as follows: 

<cfset findWhere = Replace(findWhere, "''", "'", "ALL")# 
<cfif Left(findWhere, 1) EQ "'"> 
    <cfset findWhere = Right(findWhere, Len(findWhere) - 1)> 
</cfif> 
<cfif Right(findWhere, 1) EQ "'"> 
    <cfset findWhere = Left(findWhere, Len(findWhere) - 1)> 
</cfif> 

<cfquery name="qry" datasource="mysql"> 
SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
FROM sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id, 
     auctioneers an, 
     lookupcopy st, 
     lookupcopy at 
#findWhere# AND 
s.id = sd.saleId AND sl.saleId = s.id 
AND an.id = s.auctioneer 
AND st.id = s.saleType 
AND at.id = s.advertType 
GROUP BY id  
ORDER BY startDate, auctioneerName, city 
</cfquery> 

Answer 2

Der in findWhere gespeicherte Wert enthält einfache Anführungszeichen am Anfang und Ende der Zeichenfolge.

Answer 3

Auf eine andere Anmerkung: Wenn Sie findWhere ohne direkten Benutzereingabewert erstellt haben, müssen Sie es sichern.

besser zu machen:

... 
WHERE 1= 1 
<cfif listFind('foo' , findWhere)> 
foo= 2 

<cfelseif listFind('bar' , findWhere)> 
bar= 209 

</cfif> 
... 

Answer 4

Nur um zu klären, ich glaube nicht, dass Sie in derselben Abfrage eine eindeutige und eine Gruppe von Aussage zu tun.

Sie machen beide die gleiche Sache, aber aus verschiedenen Gründen.