ColdFusion Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsProgramming Languages - MoreColdFusion Development
Reload this Page

Multiple Field Search

Discuss Multiple Field Search in the ColdFusion Development forum on Dev Shed.
Multiple Field Search ColdFusion Development forum discussing CFML coding practices, tips on CFML, and other CFML related topics. Find out why ColdFusion is the tool of choice for many e-commerce developers.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old September 2nd, 2004, 04:52 PM
erikd erikd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Aug 2004
Location: NYC
Posts: 81 erikd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 20 h 19 sec
Reputation Power: 5
Multiple Field Search
I have the following query that checks for a total number of people based on 3 tables, with the first two tables always being joined together and then matching against another table sent from a form. The first two tables are always defined. This works great. But how could I do this if I wanted to send like 3 form values so that there are now 5 total tables or how many ever, but still matching against the two tables I have already established in (), being t1 and t2. So the other tables would come from form.list form.list1 form.list2 and so on. Any help? Thanks guys.

<cfquery name="crossmatch" datasource="datasource">
select count(*) as doctortotal
from #form.list# t3,
(select t1.FIRST_NAME, t1.LAST_NAME, t1.STATE
from Verispan t1
union all
select t2.FIRST_NAME, t2.LAST_NAME, t2.STATE
from Accent t2
) u
where t3.FIRST_NAME = u.FIRST_NAME
and t3.LAST_NAME = u.LAST_NAME
and t3.STATE = u.STATE
</cfquery>
Reply With Quote
  #2  
Old September 2nd, 2004, 06:07 PM
kiteless kiteless is offline
Moderator
Dev Shed Expert (3500 - 3999 posts)
  
Join Date: Jun 2002
Location: Raleigh, NC
Posts: 3,700 kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level) 
Time spent in forums: 1 Week 4 Days 17 h 45 m 21 sec
Reputation Power: 53
Couldn't you do:

<cfquery name="crossmatch" datasource="datasource">
select count(*) as doctortotal
from #form.list1# t3,
#form.list2# t4,
(select t1.FIRST_NAME, t1.LAST_NAME, t1.STATE
from Verispan t1
union all
select t2.FIRST_NAME, t2.LAST_NAME, t2.STATE
from Accent t2
) u
where t3.FIRST_NAME = u.FIRST_NAME
and t3.LAST_NAME = u.LAST_NAME
and t3.STATE = u.STATE
and t4.FIRST_NAME = u.FIRST_NAME
and t4.LAST_NAME = u.LAST_NAME
and t4.STATE = u.STATE
</cfquery>

etc...?

Of course using form fields to determine the names of the tables used in the query has the potential to be a pretty large security concern...
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian.
How to Post a Question in the Forums
Reply With Quote
  #3  
Old September 3rd, 2004, 12:58 PM
erikd erikd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Aug 2004
Location: NYC
Posts: 81 erikd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 20 h 19 sec
Reputation Power: 5
Quote:
Originally Posted by kiteless
Of course using form fields to determine the names of the tables used in the query has the potential to be a pretty large security concern...


Thanks for the response. Please explain a little more on the concern though, I am some what new to the security issues concerning queries and such.
Reply With Quote
  #4  
Old September 3rd, 2004, 01:22 PM
kiteless kiteless is offline
Moderator
Dev Shed Expert (3500 - 3999 posts)
  
Join Date: Jun 2002
Location: Raleigh, NC
Posts: 3,700 kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level)kiteless User rank is Sergeant Major (2000 - 5000 Reputation Level) 
Time spent in forums: 1 Week 4 Days 17 h 45 m 21 sec
Reputation Power: 53
Well, people could put in any table name in your database and that table would be used in the query, right? Now granted, in this case it would probably just fail if they tried to enter, say the name of a system table as the form field, because the join would fail if the table didn't have fields like firstname, lastname, etc. Still, in other cases it could cause much more trouble.
Reply With Quote
Reply

Viewing: Dev Shed ForumsProgramming Languages - MoreColdFusion Development > Multiple Field Search

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway
Stay green...Green IT