#1
running user input query
I'm trying to let the user input a query into a textarea then run the query using ColdFusion and display results into another textarea... Any ideas????
#2
Form page:
Code:
<form method="post" action="whatever.cfm">
  <p><input type="text" name="thequery"></p>
  <p><input type="submit" value="Submit"></p>
</form>

Submission page:
Code:
<cfquery name="userquery" datasource="whateverDSN">
  <cfoutput>
    #Form.thequery#
  </cfoutput>
</cfquery>
<cfoutput query="userquery">
  #OutputFields#
</cfoutput>

It'll be a real bastard validating that though. One wrong line of syntax and it'll throw a CF error. Of course, you could use the cfthrow method (notice the nice lead into that). Above is just a simplified version.
#3
Not to mention that the user could then basically run queries of any type against any table that you've set the account to have access to. This is a gigantic security hole in my opinion and unless you really know what you are doing or you are not worried about security for this, I'd take another route.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of! Thanks, Brian.
#4
Yeah it is a security issue...I didn't really think about that maybe I'll try something else
Thanks
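
One possible "other route" for the problem discussed in this thread, as an added example that is not code from any of the posters: the user picks a report by key and supplies only bound parameter values, so no user text ever becomes SQL. The data source `reportsDSN`, the `orders` table and its columns, and the form fields `report` and `customerId` are hypothetical; the sketch assumes the data source logs in with an account limited to SELECT on the tables the reports need.

```cfml
<!--- Added example. reportsDSN, the orders table and the form fields are hypothetical. --->
<cfparam name="form.report" default="">
<cfparam name="form.customerId" default="">
<cfset resultText = "">
<cftry>
    <cfswitch expression="#form.report#">
        <!--- The SQL text is fixed by the developer; the user only selects a key. --->
        <cfcase value="ordersByCustomer">
            <cfquery name="userquery" datasource="reportsDSN" maxrows="200">
                SELECT order_id, order_date, total
                FROM orders
                WHERE customer_id =
                    <cfqueryparam value="#form.customerId#" cfsqltype="cf_sql_integer">
                ORDER BY order_date DESC
            </cfquery>
        </cfcase>
        <cfcase value="orderCountByDay">
            <cfquery name="userquery" datasource="reportsDSN" maxrows="200">
                SELECT order_date, COUNT(*) AS order_count
                FROM orders
                GROUP BY order_date
                ORDER BY order_date DESC
            </cfquery>
        </cfcase>
        <cfdefaultcase>
            <cfset resultText = "Unknown report.">
        </cfdefaultcase>
    </cfswitch>
    <cfif isDefined("userquery")>
        <!--- Tab-separated header row, then one line per record. --->
        <cfset resultText = Replace(userquery.columnList, ",", Chr(9), "all") & Chr(10)>
        <cfloop query="userquery">
            <cfset cells = ArrayNew(1)>
            <cfloop list="#userquery.columnList#" index="col">
                <cfset ArrayAppend(cells, userquery[col][userquery.currentRow])>
            </cfloop>
            <cfset resultText = resultText & ArrayToList(cells, Chr(9)) & Chr(10)>
        </cfloop>
    </cfif>
    <cfcatch type="any">
        <!--- Bad input (such as a non-numeric id) or a database error: generic message only. --->
        <cfset resultText = "The report could not be run.">
    </cfcatch>
</cftry>
<!--- Encode on output so result data cannot break out of the textarea. --->
<cfoutput><textarea rows="12" cols="80" readonly>#EncodeForHTML(resultText)#</textarea></cfoutput>
```

The catch block also covers the CF error mentioned in post #2, since the user sees a fixed message instead of the raw database error.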