CODEWITHSUNDEEP
mysqlfunctioncoldfusionsql-insertcoldfusion-2016
sg552
sg552

Reputation: 1543

What is the correct way to use sql query in coldfusion function

I have this code that will passed variable to function and insert it. But I'm getting error:

<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="struct">
    <cfargument name="name" type="string" required="true" />
    <cfargument name="email" type="string" required="false" default="" />
    <cfargument name="office_phone" type="string" required="false" default="" />
    <cfargument name="mobile_phone" type="string" required="false" default="" />
    <cfargument name="designation" type="string" required="false" default="" />

    <cfset var res = '' />

    <cfquery datasource="#session.dsn_aset#" result="res">
        INSERT INTO `supplier_personnel_incharge` (
            `name`,
            `email`,
            `office_phone`,
            `mobile_phone`,
            `designation`
        )
        VALUES
        (
            cfargument.name,
            cfargument.email,
            cfargument.office_phone,
            cfargument.mobile_phone,
            cfargument.designation
        ) ;
    </cfquery>

    <cfreturn res />
</cffunction>

<cfset res = insertSupplierPersonnel(name='#form.personnel_name#', email='#form.personnel_email#', office_phone='#form.personnel_office_phone#', mobile_phone='#form.personnel_mobile_phone#', designation='#form.personnel_designation#') />

<cfdump  var="#res#">

I'm getting this error:

enter image description here

There's a problem with cfargument.name. What is the correct way to use cfargument for insert query? Thanks in advance.

Upvotes: 2

Views: 1019

Answers (2)

Dan Pendergrass
Dan Pendergrass

Reputation: 1

To summarize all of the correct answers and comments above. This would be your best practice:

  • Function returnType should be "query", not "struct"
  • If you specify a default value, CF recognizes the argument as "not required"
  • Use cfqueryparam on all query parameters

Optional

  • Use the null attribute of cfqueryparam to insert a NULL if there is no value given
  • You don't need a trailing semi-colon at the end of the sql statement
<!---return type is query, not struct --->
<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="query">
    <cfargument name="name" type="string" required="true" />
    <!--- NOTE: If you specify a default value, CF recognizes the argument as "not required" --->
    <cfargument name="email" type="string" default="" />
    <cfargument name="office_phone" type="string" default="" />
    <cfargument name="mobile_phone" type="string" default="" />
    <cfargument name="designation" type="string" default="" />

    <cfquery datasource="#session.dsn_aset#" result="local.data">
        INSERT INTO supplier_personnel_incharge (
            name, /*Unless your database column names are case-sensitive, you don't need quotation marks around the column names*/
            email,
            office_phone,
            mobile_phone,
            designation
        )
        VALUES
        (
            <cfqueryparam cfsqltype="cf_sql_varchar" value="#trim(arguments.name)#">,
            /*insert NULL if there is no value given*/
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.email))#" value="#trim(arguments.email)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.office_phone))#" value="#trim(arguments.office_phone)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.mobile_phone))#" value="#trim(arguments.mobile_phone)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.designation))#" value="#trim(arguments.designation)#">,
        ) /*you don't need a trailing semi-colon*/
    </cfquery>

    <cfreturn local.data />
</cffunction>

<cfset local.res = insertSupplierPersonnel(name='#form.personnel_name#',
    email='#form.personnel_email#', 
    office_phone='#form.personnel_office_phone#', 
    mobile_phone='#form.personnel_mobile_phone#', 
    designation='#form.personnel_designation#') />

<cfdump var="#local.res#">

Upvotes: 0

Dan Bracuk
Dan Bracuk

Reputation: 20804

First, the correct scope is arguments, not cfargument. So, change this sort of thing:

cfargument.name,

to this:

arguments.name,

Next, you have to surround your variable names with pound signs to get the value of the variable, i.e. #arguments.name#.

Next, use query parameters, i.e. <cfqueryparam value="#arguments.name#">. Among other things, they will escape special characters used in the SQL query syntax.

Upvotes: 7

Related Questions