问题
i got a little question, i just can't understand, what is the problem and how do i solve it, i have a coldfusion variable, for example #account_code#, first of all, this code looks like this: 100.001.001 (there are bunch of them of cource) and i have some values for this variable, like sum(nettotal) and the cfquery i grouped by this #account_code#, all i want is to set the list of these codes, thus i define list, for example <cfset code_list='100.001.001,100.001.002'> and in query: account_code in (#code_list#) i also tried this one account_code in ('#code_list#') but instead it gives out the error, it says the Incorrect syntax near '.001'. as far as i understand i need to replace somehow these dots, and define the codes id's without them. thank you all for the help! i really appretiate it!
回答1:
If i understand your question is really how do you correctly use the SQL IN clause.
The SQL IN clause takes a list of values, if those values are numeric they do not need to be quoted, but your codes are strings, so each value needs to be quoted
select * from tbl
where id in ('100.001.001','100.001.002')
In ColdFusion the correct way to do this is the use <cfqueryparam> with list=true
<cfset code_list='100.001.001,100.001.002'>
<cfquery name="qSomething" ...>
select * from tbl
where id in (
<cfqueryparam list="true"
value="#code_list#"
cfsqltype="cf_sql_varchar" />
)
</cfquery>
This turns your list into multiple parameters in your query, and if your code_list is actually being passed in by a form or url variable helps to protect you from SQL injection attacks.
来源:https://stackoverflow.com/questions/10426824/define-a-list-of-ids-for-grouped-item