-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathexample.cfc
93 lines (85 loc) · 3.19 KB
/
example.cfc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<cfcomponent output="yes">
<cfoutput>
<cffunction name="index" access="remote">
<cfscript>
var db=0;
var q=0;
var c=0;
var local={};
</cfscript>
<h1>db.cfc Example Code</h1>
<h2>QueryNew() example data stored in request.qTemp so db.cfc can access it.</h2>
<cfscript>
// Let's build a query so we don't need a database to test db.cfc
request.qTemp=querynew("firstName,lastName","varchar,varchar",
[
["John","Doe"],
["Jane","Smith"],
["Jill","Scott"],
["Ivy","Lane"]
]);
</cfscript>
<cfdump var="#request.qTemp#">
<hr />
<h2>Query of query using cfquery tag</h2>
<cfquery dbtype="query" name="local.qResult">
select * from request.qTemp where lastName=<cfqueryparam value="Doe" cfsqltype="cf_sql_varchar">
</cfquery>
<cfdump var="#local.qResult#">
<hr />
<h2>Query of query using db.cfc</h2>
<cfscript>
db=createobject("db");
db.init({
dbtype:"query",
verifyQueriesEnabled:true,
identifierQuoteCharacter:'' // this is usually a backtick, but query of queries doesn't support that character for table names.
});
c=db.getConfig();
q=db.newQuery();
q.sql="select * from "&q.table("qTemp", "request")&" where lastName="&q.param("Doe", "cf_sql_varchar");
local.qResult=q.execute("qResult");
writedump(local.qResult);
</cfscript>
<hr />
<h2>Example of running a sql filter on the query before it is executed.</h2>
<p>The function, "parsedSQLHelloWorld", adds " where lastName='smith' " to the sql statement at the beginning of q.execute(). This causes local.qResult to only contain "Jane Smith".</p>
<cfscript>
c.parseSQLFunctionStruct={parsedSQLHelloWorld:this.parsedSQLHelloWorld};
q=db.newQuery(c);
q.sql="select * from "&q.table('qTemp','request');
local.qResult=q.execute("qResult");
writedump(local.qResult);
</cfscript>
<hr />
<h2>db.cfc throws exception when string literal or number isn't passed in with db.param() or db.trustedSQL().</h2>
<p>The following code will throw an exception because 'Doe' is a string literal. It must be passed in with q.param('Doe') or q.trustedSQL('Doe').
<cfscript>
q.sql="select * from "&q.table("qTemp", "request")&" where lastName='Doe'";
try{
local.qResult=q.execute("qResult");
}catch(Any e){
writeoutput("<p><strong>Error Message:</strong>"&e.message&'</p>');
}
</cfscript>
<hr />
<h2>Exception because the table name wasn't passed in with q.table().</h2>
<p>The following code will throw an exception because request.qTemp was not passed in with q.table('qTemp', 'result').
<cfscript>
q.sql="select * from request.qTemp";
try{
local.qResult=q.execute("qResult");
}catch(Any e){
writeoutput("<p><strong>Error Message:</strong>"&e.message&'</p>');
}
</cfscript>
</cffunction>
<cffunction name="parsedSQLHelloWorld">
<cfargument name="parsedSQLStruct">
<cfscript>
arguments.parsedSQLStruct.sql&=(" where lastName='Smith' ");
return arguments.parsedSQLStruct;
</cfscript>
</cffunction>
</cfoutput>
</cfcomponent>