Pull Down with binding and AJAX

轮回少年 2021-01-20 12:02

I am new to ColdFusion and just started learning about Ajax. The question I have is that I found on the web some cool coding to implement two pull down menus, where is the s

2 answers
  •  暖寄归人
    2021-01-20 12:41

    Testing CFC's

    Always test cfc's in CF before plugging them into ajax. There is no point messing with bindings until after you have verified the cfc works without error, because if it does not work in CF, it is not going to work with ajax either. The only difference is the errors will be harder to find.

    As others suggested, start small. Test the query by itself. Then move on to testing the CFC either using or simply invoke it from your browser with test values like:

    http://yourserver/path/to/select.cfc?method=getServiceType2&cat_desc= 
    http://yourserver/path/to/select.cfc?method=getServiceType2&cat_desc=someValue
    

    Error

    In regards to the error, we need to see the full error message to provide more specific advice. However, looking at the query/code some likely causes are:

    1. CAT_DESC is a varchar column, in which case your argument must be enclosed in single quotes. Otherwise the database will think the argument value is an object name (table or column).

      WHERE CAT_DESC = '#ARGUMENTS.CAT_DESC#' 
      
    2. .. OR CAT_DESC is a numeric column, but your argument is empty. That would result in an invalid sql statement. You need to ensure a valid number is passed into the query (or you could skip the WHERE clause when the argument is empty, depending on the desired results). One common approach is using the val() function to convert empty strings and other non-numeric values to zero, i.e.:

      WHERE CAT_DESC = #val(ARGUMENTS.CAT_DESC)#

    3. It also looks like you have a stray after the second query. (Assuming it is not a copy/paste error)

    4. One other thing, your second query specifies both datasource and dbtype. Those two attributes are mutually exclusive. Having both may cause a syntax error (I have not tried it). Either way you should only use one of them (most likely datasource).

    SQL Injection

    That said - the query above is vulnerable to sql injection. You should always use cfqueryparam on all variable query parameters to guard against sql injection. It has other benefits as well (performance, data type checking, etcetera). But sql injection protection is the most critical in a web application.

      WHERE CAT_DESC = <cfqueryparam value="#ARGUMENTS.CAT_DESC#" cfsqltype="cf_sql_varchar">

    Improvements

    As of CF8.0.1+, cfselect can bind to a query object (not just an array). So instead of building an array, simply return the raw query from the function.

      SELECT TheQueryColumnToDisplay, TheQueryColumnUsedForListValue
      FROM  ...
      WHERE ...

    Then specify which column(s) to use for the display and value attributes:

        
    

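The pieces of the answer above put together, as an added example that is not part of the original answer: a `select.cfc` whose `getServiceType2` passes `cat_desc` through `cfqueryparam` and returns the raw query, and the `cfselect` that binds to it. The datasource `myDSN`, the table `service_types`, the columns `service_id` and `service_name`, the `category` select and its options are assumptions made for illustration.

```cfml
<!--- select.cfc (added example; datasource, table and column names are hypothetical) --->
<cfcomponent output="false">
    <cffunction name="getServiceType2" access="remote" returntype="query" output="false">
        <cfargument name="cat_desc" type="string" required="false" default="">
        <cfset var qServices = "">

        <cfquery name="qServices" datasource="myDSN">
            SELECT service_id, service_name
            FROM   service_types
            <!--- An empty argument skips the filter instead of producing invalid SQL --->
            <cfif len(trim(arguments.cat_desc))>
                <!--- The value is sent as a bound parameter, never concatenated into the SQL.
                      For a numeric column use cfsqltype="cf_sql_integer"; a non-numeric
                      value is then rejected before the statement reaches the database. --->
                WHERE cat_desc = <cfqueryparam value="#trim(arguments.cat_desc)#"
                                               cfsqltype="cf_sql_varchar" maxlength="50">
            </cfif>
            ORDER BY service_name
        </cfquery>

        <!--- Return the query itself; cfselect (CF 8.0.1+) can bind to it directly --->
        <cfreturn qServices>
    </cffunction>
</cfcomponent>

<!--- form.cfm (hypothetical page in the same directory as select.cfc) --->
<cfform name="serviceForm">
    <!--- First pull-down: constructed static options --->
    <cfselect name="category">
        <option value="">-- choose --</option>
        <option value="Plumbing">Plumbing</option>
        <option value="Electrical">Electrical</option>
    </cfselect>

    <!--- Second pull-down: re-queried through the CFC whenever "category" changes --->
    <cfselect name="service"
              bind="cfc:select.getServiceType2({category})"
              display="service_name"
              value="service_id"
              bindonload="true" />
</cfform>
```

Requesting `select.cfc?method=getServiceType2&cat_desc=` with an empty value, a normal value, and a value containing a single quote should all return without a database error before the binding is wired up.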