在 Coldfusion 查詢中找不到語法錯誤

Question

我不明白為什么會收到此錯誤。 我正在使用 cfform 將數據從一個 html 頁面發送到下一個頁面。 見下文。 我注意到的另一件事是angle_changes 字符串的前兩個字符被截斷。 它應該是“0a0a0a0a”，但“0a0a0a”會在錯誤消息中傳遞。

這是來自 spatialforaging.cfm 的相關 html/Javascript 代碼：

<!---all of these get passed from a previous page using cfoutput, except for angle_changes--->
<cfform action="field_transition.cfm" method="post" name="field_form"> 
<cfinput type="hidden" id="angle_changes" name="angle_changes" value="">
<cfinput type="hidden" id="subject_id" name="subject_id" value=#subject_id#>
<cfinput type="hidden" id="times_switched_away" name="times_switched_away" value=#times_switched_away#>
<cfinput type="hidden" id="total_time_unfocused" name="total_time_unfocused" value=#total_time_unfocused#>
<cfinput type="hidden" id="completed_fields" name="completed_fields" value="">

</cfform> 

腳本

//these values get changed earlier in the script
document.getElementById("times_switched_away").value = times_switched_away;
document.getElementById("total_time_unfocused").value = total_time_unfocused;
document.getElementById("completed_fields").value = completed_fields.toString();


//angleChanges is an array containing integers which is created elsewhere in the script
var angleChangesFormString = document.getElementById("angle_changes").value;

//adding each angle change to a string to add to database
for (i=0; i < angleChanges.length; i++) {
    angleChangesFormString += angleChanges[i].toString();
    angleChangesFormString += "a";
}
    
angleChangesFormString = angleChangesFormString.replace("undefined","");
document.getElementById("angle_changes").value = angleChangesFormString;
//this does print the correct value of '0a0a0a0a' to alert
alert(document.getElementById("angle_changes").value);
document.getElementById("field_form").submit();

以下是來自 field_transition.cfm 的查詢

<cfquery datasource="exmind">
    update dbo.sf
    set completed_fields = #completed_fields#
    where subject_id = #subject_id#
</cfquery>

<cfquery datasource="exmind">
    update dbo.sf
    set times_switched_away = #times_switched_away#, total_time_unfocused = #total_time_unfocused#
    where subject_id = #subject_id#
</cfquery>

    <!---the first two queries work fine and update the database properly--->
    <!---but this one gives the error message below.--->
    <!---I do not see a syntax error, it is formatted exactly like the two queries above which work fine--->
<cfquery datasource="exmind">
    update dbo.sf
    set angle_changes = #angle_changes#
    where subject_id = #subject_id#
</cfquery>

錯誤信息：

執行數據庫查詢時出錯。

[Macromedia][SQLServer JDBC 驅動程序][SQLServer]'a0a0a0a' 附近的語法不正確。

錯誤發生在 C:REDACTED/field_transition.cfm: line 64

62：更新 dbo.sf

63：設置角度變化=#角度變化#

64：其中subject_id = #subject_id#

65：

66：

供應商錯誤代碼 102

SQLSTATE HY000

SQL 更新 dbo.sf 設置 angle_changes = 0a0a0a0a where subject_id = 523550

數據源提示

Answer 1

我認為問題在於您沒有使用<cfqueryparam> 。

您嘗試更新的字段看起來像一個字符串字段。

<cfquery datasource="exmind">
    update dbo.sf
    set angle_changes = <cfqueryparam value="#angle_changes#" cfsqltype="cf_sql_varchar">
    where subject_id = <cfqueryparam value="#angle_changes#" cfsqltype="cf_sql_integer">
</cfquery>

嘗試更新 varchar/char/text 數據庫字段時，查詢應如下所示（帶引號） set angle_changes = '0a0a0a0a' 。 <cfqueryparam>以更好的方式類似的東西。

<cfqueryparam>通過防止 SQL 注入來提高代碼的安全性。