Kirill Pakhomov

Reputation: 87

ColdFusion SQL query to check user

Trying to match the received data from the form with the one in the db. So if I dump the form variable and the table I can see there is a match, but ColdFusion gives me this...

Column 'Kirill' is either not in any table in the FROM list or appears within a join specification and is outside the scope of the join specification or appears in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE statement then 'Kirill' is not a column in the target table.

The query:

SELECT FIRST_NAME, PASSWORD
from APP.USERS_TASK
where FIRST_NAME = "#form.username#"
  and PASSWORD = "#form.password#"

Also, the same thing works just fine with an id which has been passed via the URL, with a different table though.

Upvotes: 1

Views: 166

Answers (1)

Joe C

Reputation: 3546

SQL requires strings to be in single quotes, not double.

SELECT FIRST_NAME, PASSWORD
FROM APP.USERS_TASK
WHERE FIRST_NAME = '#form.username#'
AND PASSWORD = '#form.password#'

But really, you should be using cfqueryparam to sanitize your user inputs and prevent SQL injection. This would also take care of any data typing and required quotes for you.

SELECT FIRST_NAME, PASSWORD
FROM APP.USERS_TASK
WHERE FIRST_NAME = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">
AND PASSWORD = <cfqueryparam value="#form.password#" cfsqltype="cf_sql_varchar">

Upvotes: 6
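The answer's two queries side by side inside a complete cfquery, as an added example that is not part of the original answer. The datasource name app_ds, the session variable, and the column width of 80 used for maxlength are assumptions, not values from the question.

```cfml
<!--- Make sure both fields exist even if the form posted without them,
      so the query fails on credentials rather than on an undefined variable. --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<!--- Unsafe version (the question's pattern, with the quotes corrected):
      form values are pasted straight into the SQL text. A quote character
      in the input ends the string literal and the rest of the input is
      parsed by the database as SQL. Shown for contrast only. --->
<cfquery name="userLookupUnsafe" datasource="app_ds">
    SELECT FIRST_NAME, PASSWORD
    FROM APP.USERS_TASK
    WHERE FIRST_NAME = '#form.username#'
      AND PASSWORD = '#form.password#'
</cfquery>

<!--- Hardened version: cfqueryparam sends each value as a typed bind
      parameter, so the database never parses the user's text as SQL and
      the quoting is handled for you. maxlength rejects oversized input
      (80 is an assumed column width; match it to the real schema). --->
<cfquery name="userLookup" datasource="app_ds">
    SELECT FIRST_NAME, PASSWORD
    FROM APP.USERS_TASK
    WHERE FIRST_NAME = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="80">
      AND PASSWORD   = <cfqueryparam value="#form.password#" cfsqltype="cf_sql_varchar" maxlength="80">
</cfquery>

<!--- Check the result explicitly: exactly one matching row means the
      submitted credentials matched one user. --->
<cfif userLookup.recordCount EQ 1>
    <cfset session.loggedIn = true>
<cfelse>
    <cfset session.loggedIn = false>
</cfif>
```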
