Paging Issue

#1
Hi all. I'm kind of in a jam right now. What I'm trying to do is a simple search of my DB. It worked perfectly until I tried to implement record paging on the result page (searchemp2.cfm); then I get this error:

Code:
The error "Element FIELDNAME is undefined in FORM."
The error occurred in C:\CFusionMX\wwwroot\epaihris\searchemp2.cfm: line 3
1 :
2 : <cfquery name="result" datasource="epa">
3 : Select * from employee where #Form.fieldname# LIKE '%#trim(Form.sitem)#%'
4 : </cfquery>
5 : <CFPARAM name="URL.currentrow" default="1">

Does anyone know how to settle this problem? I attach my code below.

Code:
search page (searchemp1.cfm)
<form action="searchemp2.cfm" method="post" name="form1">
<span class="style1">Search on</span>
<select name="fieldname" id="fieldname">
<option value="full_name" selected>Employee Name</option>
<option value="emp_no">Employee No</option>
</select>
<span class="style1">for</span>
<input name="sitem" type="text" id="sitem">
<input type="submit" name="Submit" value="Submit">
</form>
Code:
result page (searchemp2.cfm)
<!--- both Form values are interpolated straight into the SQL text;
      currentrow comes from the URL on the Previous/Next links --->
<cfquery name="result" datasource="epa">
Select * from employee where #Form.fieldname# LIKE '%#trim(Form.sitem)#%'
</cfquery>
<CFPARAM name="URL.currentrow" default="1">
<cfset qmaxrows = 10>
<!--- row offsets for the paging links and the "Showing x - y" line --->
<CFSET next = URL.currentrow + qmaxrows>
<CFSET prev = URL.currentrow - qmaxrows>
<cfset qtotal = result.recordcount>
<cfset thispagemax = (qmaxrows + url.currentrow) - 1>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<link href="css/zulpunya.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="500" border="0" align="center" id="overall">
<tr>
<td width="802" height="258" valign="top"><div align="center">
<table width="425" id="navigation" >
<tr>
<td width="590" height="30" >Navgation Bar </td>
</tr>
</table><table width="472" id="pgcontent">
<tr>
<td width="464" height="59"><cfif result.RecordCount GT 0>
<table width="413" class="nicetableheader">
<tr class="nicetableheader">
<td width="89">Emp No </td>
<td width="215">Name</td>
<td width="93"> </td>
</tr>
</table>
<table width="414" border="0" class="nicetablerow">
<!--- startrow/maxrows limit the output to the current page of the query --->
<cfoutput query="result" startrow="#URL.currentrow#" maxrows="#qmaxrows#">
<tr class="nicetablerow">
<td width="86">#result.emp_no#</td>
<td width="218">#result.full_name#</td>
<td width="88">Detailed...</td>
</tr>
</cfoutput> </table>
<!--- the paging links pass currentrow only; #prev# and #next# need cfoutput to be evaluated --->
<cfoutput>
<span class="content"><a href="searchemp2.cfm?currentrow=#prev#">Previous</a> <a href="searchemp2.cfm?currentrow=#next#">Next</a></span><br>
<span class="content">Showing #URL.currentrow# -
<cfif thispagemax GT qtotal>
#qtotal#
<cfelse>
#thispagemax#
</cfif>
of #qtotal# records.</span>
</cfoutput>
<cfelse>
<table width="415" border="1">
<tr>
<td width="405" class="nicetableheader">No Result Found </td>
</tr>
</table>
</cfif>
<p> </p>
<br>
<br></td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>
#2
Well, on subsequent pages you must not be posting the form again, so the fieldname form field is not present beyond the first page. One solution is to pass the fieldname as a URL variable or set it as a session variable so that you can use it on the other pages.
As a side note, letting the user dynamically set the name of the table being selected from is a pretty huge security hole...what if they tell the query to hit the users table (if you have one)? They could then see all the user names and passwords, etc. For a simple app you might not care, but if this were a professional application you probably wouldn't want to do this.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian. How to Post a Question in the Forums
#3
Thanks for the comment, kiteless. So can you give me some pointers to make this application more secure?
#4
Hard coding the name of the table is the most secure option, but it means having a separate query for each table. It's also not good practice to "select *"; you should really be selecting the desired columns by name or alias, which is another reason to have separate queries. At the very least you should have some sort of validation that inspects the value of form.fieldname to confirm that it is a valid table name.
#5
Where can I get more information or a tutorial on doing these?
#6
Which part needs more explaining? To me they're fairly straightforward (don't "select *", use column names; and don't use a variable for the table name, either hard code the table name or validate the variable to ensure it matches table names that you want to allow users to query).
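Putting the advice from replies #2, #4 and #6 into one page, as an added example that is not code from the thread or from any of its posters: the search field and term are carried on the URL so the Previous/Next links keep working after the first POST; the value of fieldname (which in the posted query is the column name in the WHERE clause, and is what the replies are warning about) is used only as a key into a fixed list of searchable columns, so no user text ever reaches the SQL; the search term is bound with cfqueryparam instead of being pasted into the query string, which is the second injection point in the original; and the query names its columns. It assumes the same epa datasource and an employee table with emp_no and full_name, as in the original post. allowedColumns, searchColumn, searchTerm and pagingQS are names chosen for this example.

```cfml
<!--- searchemp2.cfm, rewritten as an example (not the original poster's code).
      Assumes datasource "epa" and a table employee(emp_no, full_name). --->

<!--- The first request arrives by POST from searchemp1.cfm; Previous/Next
      arrive by GET. Fall back from URL to FORM so both paths work. --->
<cfparam name="form.fieldname" default="">
<cfparam name="form.sitem" default="">
<cfparam name="url.fieldname" default="#form.fieldname#">
<cfparam name="url.sitem" default="#form.sitem#">
<cfparam name="url.currentrow" default="1" type="numeric">

<!--- Whitelist of searchable columns. The user-supplied value is only a
      lookup key; the text that goes into the SQL is the struct value. --->
<cfset allowedColumns = structNew()>
<cfset allowedColumns["full_name"] = "full_name">
<cfset allowedColumns["emp_no"] = "emp_no">

<cfif NOT structKeyExists(allowedColumns, url.fieldname)>
    <cfthrow message="Invalid search field.">
</cfif>
<cfset searchColumn = allowedColumns[url.fieldname]>

<cfset qmaxrows = 10>
<cfset searchTerm = "%" & trim(url.sitem) & "%">

<!--- Named columns, whitelisted column name, bound search term --->
<cfquery name="result" datasource="epa">
    SELECT emp_no, full_name
    FROM employee
    WHERE #searchColumn# LIKE <cfqueryparam value="#searchTerm#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfset qtotal = result.recordCount>
<cfset thispagemax = min(url.currentrow + qmaxrows - 1, qtotal)>
<cfset next = url.currentrow + qmaxrows>
<cfset prev = max(url.currentrow - qmaxrows, 1)>

<!--- Query string the paging links carry so the search survives paging --->
<cfset pagingQS = "fieldname=" & urlEncodedFormat(url.fieldname) & "&sitem=" & urlEncodedFormat(url.sitem)>

<cfif result.recordCount GT 0>
    <table class="nicetablerow">
    <cfoutput query="result" startrow="#url.currentrow#" maxrows="#qmaxrows#">
        <tr>
            <td>#htmlEditFormat(emp_no)#</td>
            <td>#htmlEditFormat(full_name)#</td>
        </tr>
    </cfoutput>
    </table>
    <cfoutput>
        <cfif url.currentrow GT 1>
            <a href="searchemp2.cfm?#pagingQS#&currentrow=#prev#">Previous</a>
        </cfif>
        <cfif next LTE qtotal>
            <a href="searchemp2.cfm?#pagingQS#&currentrow=#next#">Next</a>
        </cfif>
        <br>Showing #url.currentrow# - #thispagemax# of #qtotal# records.
    </cfoutput>
<cfelse>
    <p>No Result Found</p>
</cfif>
```

A failed whitelist check throws instead of silently defaulting to a column, so a tampered link shows up in the error log rather than returning data for a column you did not intend to expose. cfqueryparam binds the term as a string, so quotes in it cannot change the statement; the LIKE wildcards % and _ inside the term are still interpreted by the database, which is a matching quirk rather than an injection. htmlEditFormat on the output stops a stored value from being rendered as markup on the result page.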
Viewing: Dev Shed Forums > Programming Languages - More > ColdFusion Development > Paging Issue