CODEWITHSUNDEEP
coldfusion
suraj p Yedre
suraj p Yedre

Reputation: 21

How to resolve ColdFusion analyzer error while upgrading?

I am upgrading my ColdFusion from 2018 to 2021. While running my code against the analyzer I got below error.

enter image description here

For below code

<Cfquery name="getcheck" datasource="***">
Select userid,function as funct from users where 
','||UPPER(function)||',' like '%,#UCase(Function)#,%'
</Cfquery>

This code works correctly on SQL

Screenshot of actual code

enter image description here

Upvotes: 0

Views: 102

Answers (1)

SOS
SOS

Reputation: 6550

(Too long for a comment ....)

Invalid CFML construct found on line 108 at column 131.
ColdFusion was looking at the following text:

)

The CFML compiler was processing:

    An expression beginning with UCase, on line 108, column 117.This message is usually caused by a problem in the expressions structure.
    The body of a Cfquery tag beginning on line 107, column 25
    ....

Looking closer, that's a basic compilation error, not a Code Analyzer issue. It appears the use of the keyword function in that context is causing the CF compiler to choke. Change the name to a non-reserved word like functionFoo and the error disappears.

Since Function is a reserved word in most every database, and language, I'd strongly recommend changing the column and variable name, as it'll just continue to cause unexpected issues and errors like this in the future. If you absolutely cannot rename the database column, start by escaping it in the sql query. For Oracle try enclosing the column name in double quotes

You may also need to change the CF variable name and/or prefix it with the appropriate scope name: such as #form.Function# or #variables.function# instead of just #function#. Though again, to avoid conflicts, it's far better to just change the variable name. The CF parameter should also be wrapped in cfqueryparam for db performance and sql injection protection.

   <cfquery name="getCheck" datasource="***">
      SELECT userid, "function" as funct 
      FROM   users 
      WHERE  ','||UPPER("function")||',' LIKE
           <cfqueryparam value="%,#UCase(FORM.Function)#,%"
               cfsqltype="cf_sql_varchar">

   </Cfquery>

Upvotes: 2

Related Questions