[英]Cannot find syntax error in Coldfusion query
I do not understand why I am getting this error.我不明白为什么会收到此错误。 I am using a cfform to send data from one html page to the next.
我正在使用 cfform 将数据从一个 html 页面发送到下一个页面。 See below.
见下文。 Another thing I am noticing is that the first two characters of the angle_changes string are cut off.
我注意到的另一件事是angle_changes 字符串的前两个字符被截断。 It should be '0a0a0a0a' but '0a0a0a' gets passed in the error message.
它应该是“0a0a0a0a”,但“0a0a0a”会在错误消息中传递。
Here is the relevant html/Javascript code from spatialforaging.cfm:这是来自 spatialforaging.cfm 的相关 html/Javascript 代码:
<!---all of these get passed from a previous page using cfoutput, except for angle_changes--->
<cfform action="field_transition.cfm" method="post" name="field_form">
<cfinput type="hidden" id="angle_changes" name="angle_changes" value="">
<cfinput type="hidden" id="subject_id" name="subject_id" value=#subject_id#>
<cfinput type="hidden" id="times_switched_away" name="times_switched_away" value=#times_switched_away#>
<cfinput type="hidden" id="total_time_unfocused" name="total_time_unfocused" value=#total_time_unfocused#>
<cfinput type="hidden" id="completed_fields" name="completed_fields" value="">
</cfform>
Script脚本
//these values get changed earlier in the script
document.getElementById("times_switched_away").value = times_switched_away;
document.getElementById("total_time_unfocused").value = total_time_unfocused;
document.getElementById("completed_fields").value = completed_fields.toString();
//angleChanges is an array containing integers which is created elsewhere in the script
var angleChangesFormString = document.getElementById("angle_changes").value;
//adding each angle change to a string to add to database
for (i=0; i < angleChanges.length; i++) {
angleChangesFormString += angleChanges[i].toString();
angleChangesFormString += "a";
}
angleChangesFormString = angleChangesFormString.replace("undefined","");
document.getElementById("angle_changes").value = angleChangesFormString;
//this does print the correct value of '0a0a0a0a' to alert
alert(document.getElementById("angle_changes").value);
document.getElementById("field_form").submit();
Below are the queries from field_transition.cfm以下是来自 field_transition.cfm 的查询
<cfquery datasource="exmind">
update dbo.sf
set completed_fields = #completed_fields#
where subject_id = #subject_id#
</cfquery>
<cfquery datasource="exmind">
update dbo.sf
set times_switched_away = #times_switched_away#, total_time_unfocused = #total_time_unfocused#
where subject_id = #subject_id#
</cfquery>
<!---the first two queries work fine and update the database properly--->
<!---but this one gives the error message below.--->
<!---I do not see a syntax error, it is formatted exactly like the two queries above which work fine--->
<cfquery datasource="exmind">
update dbo.sf
set angle_changes = #angle_changes#
where subject_id = #subject_id#
</cfquery>
Error Message:错误信息:
Error Executing Database Query.
执行数据库查询时出错。
[Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect syntax near 'a0a0a0a'.
[Macromedia][SQLServer JDBC 驱动程序][SQLServer]'a0a0a0a' 附近的语法不正确。
The error occurred in C:REDACTED/field_transition.cfm: line 64
错误发生在 C:REDACTED/field_transition.cfm: line 64
62: update dbo.sf
62:更新 dbo.sf
63: set angle_changes = #angle_changes#
63:设置角度变化=#角度变化#
64: where subject_id = #subject_id#
64:其中subject_id = #subject_id#
65:
65:
66:
66:
VENDORERRORCODE 102
供应商错误代码 102
SQLSTATE HY000
SQLSTATE HY000
SQL update dbo.sf set angle_changes = 0a0a0a0a where subject_id = 523550
SQL 更新 dbo.sf 设置 angle_changes = 0a0a0a0a where subject_id = 523550
DATASOURCE exmind
数据源提示
I think the issue is that you are not using <cfqueryparam>
.我认为问题在于您没有使用
<cfqueryparam>
。
The field you are trying to update looks like a string field.您尝试更新的字段看起来像一个字符串字段。
<cfquery datasource="exmind">
update dbo.sf
set angle_changes = <cfqueryparam value="#angle_changes#" cfsqltype="cf_sql_varchar">
where subject_id = <cfqueryparam value="#angle_changes#" cfsqltype="cf_sql_integer">
</cfquery>
When trying to update a varchar/char/text database field the query should look like the following(with the quotes) set angle_changes = '0a0a0a0a'
.尝试更新 varchar/char/text 数据库字段时,查询应如下所示(带引号)
set angle_changes = '0a0a0a0a'
。 <cfqueryparam>
something similar in a better way. <cfqueryparam>
以更好的方式类似的东西。
<cfqueryparam>
improves the security of you code by preventing SQL injection. <cfqueryparam>
通过防止 SQL 注入来提高代码的安全性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.