define a list of id's for grouped item

后端未结

关注

 1  414

i got a little question, i just can\'t understand, what is the problem and how do i solve it, i have a coldfusion variable, for example #account_code#, first of all

相关标签:

1条回答

执念已碎

2021-01-24 18:36
If i understand your question is really how do you correctly use the SQL IN clause.

The SQL IN clause takes a list of values, if those values are numeric they do not need to be quoted, but your codes are strings, so each value needs to be quoted
```
select * from tbl
where id in ('100.001.001','100.001.002')
```
In ColdFusion the correct way to do this is the use <cfqueryparam> with list=true
```
<cfset code_list='100.001.001,100.001.002'>
<cfquery name="qSomething" ...>
select * from tbl
where id in (
  <cfqueryparam list="true" 
    value="#code_list#"
    cfsqltype="cf_sql_varchar" />
)
</cfquery>
```
This turns your list into multiple parameters in your query, and if your code_list is actually being passed in by a form or url variable helps to protect you from SQL injection attacks.
0 讨论(0)
发布评论:

提交评论
- 加载中...