Use onClick to change CF values

Collapse
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • ndeeley
    New Member
    • Mar 2007
    • 139
    #16
    Yes, sorry i posted the wrong code.

    The actual hyperlinking is this:

    Code:
    <td style="width: 100px;"><a href="http://marlin/engeastl/scripts/RepairWorkshops/Devaction_search2.cfm?WorkshopWONO='#WorkshopWONO#'">#WorkshopWONO#</a></td>
    and the processing code is:

    Code:
    <cfquery datasource="repairmdb" name="GetClientNo">
	select 		ID, 
			WorkshopFK, 
			ClientFK,
			SiteFK,
			WORecdate,
			ResponseLevelFK,
			ClientWONO,
			WorkshopWONO,
			WorkshopJOBNO,
		 DateRecordAdded
	from		tblWorkshops
	where		WorkshopWONO = '#WorkshopWONO#'
    WorkshopWONO is a string (tho actually a number stored in a text field, for reasons that they don't all have a WONO).

    The processing page appears, but tells me that no record is found, so it's not processing the received value properly.

      Comment

      • acoder
        Recognized Expert MVP
        • Nov 2006
        • 16032
        #17
        You don't need the single quotes around WorkshopWONO, so the link should be:
        Code:
        Devaction_search2.cfm?WorkshopWONO=#WorkshopWONO#
        Note that you could still store it as a number and use NULL for non-values.

          Comment

          • ndeeley
            New Member
            • Mar 2007
            • 139
            #18
            That's grand - thanks acoder!

            Neil

              Comment

              • acoder
                Recognized Expert MVP
                • Nov 2006
                • 16032
                #19
                Though it's probably not as much of a problem with an internal application (except with an programming-savvy disgruntled employee), a point to bear in mind is that you should sanitise inputs before using them in queries (e.g. use cfqueryparam), otherwise you could be subject to an SQL injection attack.

                  Comment

                  • ndeeley
                    New Member
                    • Mar 2007
                    • 139
                    #20
                    Ok...for the non technically minded (ie given a book on CF and dumped in the deep end) what is an SQL injection attack?

                      Comment

                      • acoder
                        Recognized Expert MVP
                        • Nov 2006
                        • 16032
                        #21
                        This article should help, though maybe one or two things may not apply to Coldfusion 5. For a general link on SQL injection, see the Wikipedia entry.

                          Comment

                          • ndeeley
                            New Member
                            • Mar 2007
                            • 139
                            #22
                            Interesing, and not about a cure for Swine Flu like I first thought...

                            I'm cleaning up my code so I shall apply all the instructions within!

                            Cheers acoder!
                            Neil

                              Comment

                              Previous 1 2 template Next
                              Working...