How update data in all row at the same time using ColdFusion - sql

I want to ask how to update data in all row at the same time. This is my SQL:
<cfloop index="#form.ppp_id#">
<cfquery name="viewPoint" datasource="#application.DataSource#">
update PCRS_PHOTOPOINT set PPP_POINT_FROM = #form.point_from#,
PPP_POINT_UNTIL = #form.point_until#,
PPP_UPDATE_DATE = SYSDATE, PPP_ICONS_NAME = '#form.icons_name#'
where PPP_ID = #form.ppp_id#
</cfquery>
</cfloop>
I got this error:
Attribute validation error for tag 'CFLOOP'

There's no need to use a loop at all. You can use SQL's in operator instead of = to update a list of values all at once, instead of executing a SQL statement in a loop. Also, as someone else already mentioned, you'd better be using cfqueryparam instead of passing user-supplied strings straight to the DB.
<cfquery name="viewPoint" datasource="#application.DataSource#">
update PCRS_PHOTOPOINT set
PPP_POINT_FROM = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.point_from#">,
PPP_POINT_UNTIL = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.point_until#">,
PPP_UPDATE_DATE = SYSDATE,
PPP_ICONS_NAME = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.icons_name#">
where PPP_ID in (<cfqueryparam list="yes" cfsqltype="cf_sql_integer" value="#form.ppp_id#">)
</cfquery>

You should be doing it like this:
<cfloop list="#form.ppp_id#" index="iItems">
<cfquery name="viewPoint" datasource="#application.DataSource#">
update PCRS_PHOTOPOINT set PPP_POINT_FROM = "#form.point_from#",
PPP_POINT_UNTIL = "#form.point_until#",
PPP_UPDATE_DATE = SYSDATE, PPP_ICONS_NAME = "#form.icons_name#"
where PPP_ID = #iItems#
</cfquery>
</cfloop>
Let me know how it goes.

Related

Query null values

I have the column deletedTime in my instances table.
Now I want to check in ColdFusion if the value is null.
There is only one record to be printed out with the query.
IsNull(test) is returning the correct value,
but IsNull(searchForDeletedInstances.deletedTime) returns false but the value is in the datatable null..
<cfquery datasource="hostmanager" name="searchForDeletedInstances">
SELECT deletedTime
FROM instances
WHERE instanceId = <cfqueryparam value="#instanceId#"
cfsqltype="CF_SQL_NVARCHAR">
</cfquery>
<cfloop query="searchForDeletedInstances">
<cfset test= #deletedTime#>
</cfloop>
<cfreturn IsNull(test)>
<cfreturn IsNull(searchForDeletedInstances.deletedTime)>
I would do the test in the query.
<cfquery datasource="hostmanager" name="searchForDeletedInstances">
SELECT deletedTime
FROM instances
WHERE instanceId = <cfqueryparam value="#instanceId#" cfsqltype="CF_SQL_NVARCHAR">
AND deletedTime IS NULL
</cfquery>
<cfreturn BooleanFormat(searchForDeletedInstances.recordcount)>
ColdFusion 2018 does allow for NULL values but the server/site has to be configured to use it. This may break a lot of older code.
ColdFusion before 2018 will use an empty string for NULL values.
I would change the query to only look for NULL deletedTime records. Then use the searchForDeletedInstances.recordCount value to determine if a NULL record was found. The code would look something like this:
<cfquery datasource="hostmanager" name="searchForDeletedInstances">
SELECT deletedTime
FROM instances
WHERE instanceId = <cfqueryparam value="#instanceId#" cfsqltype="CF_SQL_NVARCHAR">
AND deletedTime IS NULL
</cfquery>
<cfset nullRecord = searchForDeletedInstances.recordCount ? true : false>
<cfreturn nullRecord>
Null values from a query come back as empty strings. Test for IsDate() instead. You can always use cfdump to show the contents of your query so you can see the data and data types returned.

How to bulk insert the parsed html table data in database in coldfusion?

I am new in programming and got stuck in a task to insert the parsed html table data into the database. I have tried this link bulk insert in coldfusion but It is not working.
I think my case is different. Here is my code.
sql = '';
records = '';
while(i<rows_length){
// <cfif i NEQ 1 && home_lineup NEQ 1>,</cfif>
writeoutput('<tr>');
for(j=1; j<cols_length; j++){
stat_cell = get_lineup.select('##sl-away-lineup-table tr:eq(#i#) td:eq(#j#)').text();
//records =records & #stat_cell# & ',';
// <cfqueryparam cfsqltype="cf_sql_integer" value="#users[u].firstname#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].lastname#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].email#">,
// <cfqueryparam cfsqltype="cf_sql_integer" value="#users[u].firstname#">,
// <cfqueryparam cfsqltype="cf_sql_integer" value="#users[u].firstname#">,
// <cfqueryparam cfsqltype="cf_sql_integer" value="#users[u].firstname#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].lastname#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].email#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].lastname#">,
// <cfqueryparam cfsqltype="cf_sql_varchar" value="#users[u].email#">,
writeoutput('<td>#stat_cell#</td>'); // this is the cell data I want to batch/bulk insert each cell data
records = records& #stat_cell# &','; //it is not a good idea i think to concat like this
}
}
I have no idea how to know that which cell is of which datatype so that I can pass in query param but the other question is that how to make a query(concat or anything else) so that I can insert in database?
Note: This code is written in cfscript but you can provide suggestion other than cfscript.
Your best bet is to use jquery to convert the table into JSON data.
http://www.github.developerdan.com/table-to-json/
I would save that JSON string into a field as is. Only because I would not assume the field names to always match. But at least you'll have the data in an intelligent object you could retrieve later, and manipulate with deserializeJSON() as its own query:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-c-d/DeserializeJSON.html

CFQuery not saving time portion to Oracle Datetime field

I am having a problem using a datetime field in an Oracle database with Coldfusion with and don't know how to solve it.
I have a table (Subject) which contains a datetime field ("MODIFIED"). If I look the date I obtain 04-JAN-17 for instance. If I do this query:
select to_char(MODIFIED, 'DD-MM-YYYY HH24:MI:SS') from Subject
It returns:
04-01-2017 09:57:43
I can retrieve this same result in ColdFusion.
I then try to copy that data to another table with the same structure if the "MODIFIED" value has changed. For doing that I retrieved the data in a first query and insert it into the new table. The data is retrieved correctly. Especially the date (I can see it in the ColdFusion script). However, the time of the date is lost. So for instance, I obtain 04-01-2017 00:00:00 instead of 04-01-2017 09:57:43.
Here is the relevant part of my script:
Main page:
<!-------- Get data -------->
<cfquery name="select_Subject_to_insert" datasource="#application.datasource#">
SELECT CODE, MODIFIED, NAME FROM Subject
</query>
<cfloop query="select_Subject_to_insert">
<!-------- Create an object "Subject" -------->
<cfscript>
subject_to_insert = createObject("component", "Subject").init();
subject_to_insert.id = -1;
subject_to_insert.Code = select_Subject_to_insert.CODE;
subject_to_insert.modified = select_Subject_to_insert.MODIFIED;
subject_to_insert.name = select_Subject_to_insert.NAME;
</cfscript>
<!-------- Call the function for saving data -------->
saveSubject(subject_to_insert)
</cfloop>
Main component:
<!--- Function to save (update) Subject. --->
<cffunction name="saveSubject" returntype="string" access="remote">
<cfargument name="subject" required="yes" type="vo.Subject" />
<cfset var timestp = createTimeStamp() />
<!--- insert --->
<cfquery name="insertSubject" datasource="#application.datasource#" result="insertSubjectResult">
insert into Subject (
CODE,
MODIFIED,
NAME
TIMESTAMP
)values (
<cfqueryparam value="#arguments.subject.CODE#" null="no" cfsqltype="cf_sql_varchar"/>,
<cfqueryparam value="#arguments.subject.MODIFIED#" null="no" cfsqltype="cf_sql_date"/>,
<cfqueryparam value="#arguments.subject.NAME#" null="no" cfsqltype="cf_sql_varchar"/>,
<cfqueryparam value="#timestp#" null="no" cfsqltype="cf_sql_numeric"/>
)
</cfquery>
........................................
</cffunction>
Could you please help me to understand why the time is not inserted correctly and solve the problem?
You want to use:
<cfqueryparam value="#arguments.subject.MODIFIED#" null="no" cfsqltype="cf_sql_timestamp"/>
The cf_sql_date type does not have a time component whereas cf_sql_timestamp does. You can check the compatability matrix in the documentation to see that cf_sql_timestamp corresponds to the Oracle DATE data type.
You can also simplify your page to get rid of the function call (assuming it is not doing extra processing):
<cfquery name="insertSubject" datasource="#application.datasource#" result="insertSubjectResult">
insert into Subject (
CODE,
MODIFIED,
NAME
TIMESTAMP
)
SELECT code,
modified,
name,
<cfqueryparam value=createTimeStamp() null="no" cfsqltype="cf_sql_numeric"/>
FROM subject
-- WHERE some_condition
</cfquery>

Update error using ## [Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect syntax near the keyword 'WHERE'

Here is my code:
<cfdump var="#addEnt#" >
<!-- ADD -->
<cfquery name="add" datasource="testdatasource" dbtype="OLEDB">
UPDATE tblrequests
SET
lastname='#ucase(form.lastname)#',
firstname='#ucase(form.firstname)#',
middlei='#ucase(form.middlei)#',
title='#form.title#',
eod='#dateformat(form.eod,'m-d-yyyy')#',
dutystation='#form.dutystation#',
requestsnetwork=<cfif parameterexists(form.requestsnetwork)>1<cfelse>0</cfif>,
affiliation='#form.affiliation#',
commentssupvreq='#form.commentssupvreq#',
requestdelete=<cfif form.requestdelete IS NOT ''>'#dateformat(form.requestdelete,'m-d-yyyy')#',<cfelse>Null,</cfif>
commentssupvdelete='#form.commentssupvdelete#',
commentssupvedit='#form.commentssupvedit#',
dateemailrequested=<cfif form.dateemailrequested IS NOT ''>'#dateformat(form.dateemailrequested,'m-d-yyyy')#',<cfelse>Null,</cfif>
commentsit='#form.commentsit#',
bgcomplete=<cfif form.bgcomplete IS NOT ''>'#dateformat(form.bgcomplete,'m-d-yyyy')#',<cfelse>Null,</cfif>
dategroupscreated=<cfif form.dategroupscreated IS NOT ''>'#dateformat(form.dategroupscreated,'m-d-yyyy')#',<cfelse>Null,</cfif>
WHERE recnumber = #addEnt#
</cfquery>
When I submit the form I get an error:
Error Executing Database Query. [Macromedia][SQLServer JDBC
Driver][SQLServer]Incorrect syntax near the keyword 'WHERE'.
My cfdump displays the correct addent number from sql, but using #addEnt# in the sql statement is not working. Other pages in my applications ## for SQL queries and they work fine.
The last line in your set statements has a comma at the end, which is where the SQL will be complaining
(Too long for comments)
As suggested in the comments, there are several improvements you could make to the query: one of the biggest, being the addition of cfqueryparam. It provides several advantages, such as:
CFQueryparam, or bind variables, help improve performance by encouraging databases to reuse query execution plans, rather than generating a new one each time (which is a costly operation).
Bind variables also prevent the execution of client supplied values as SQL commands, which has the happy side effect of preventing common forms of sql injection.
CF's implementation of bind variables also provides an extra layer of validation, by type checking input values, before the query is ever executed. So when invalid parameters are detected, it saves a wasted trip to the database.
A few other tips for improving the query
Although it makes no syntactical difference, consider placing commas at the beginning of each line, rather than at the end. This makes it easier to spot extra or missing commas:
UPDATE SomeTable
SET ColumnA = 'xxxx'
, ColumnB = 'yyyy'
, ColumnC = 'zzzzz'
, ColumnD = 'xxxx'
, ColumnE = 'yyyy'
WHERE ....
It looks like your query is populating several datetime columns. When working with datetime columns, it best to use date objects, not strings. Date strings are ambiguous, and can be interpreted differently than you might expect, depending on the database or settings. To insert a date only, use <cfqueryparam cfsqltype="cf_sql_date" ...>, for both date and time use <cfqueryparam cfsqltype="cf_sql_timestamp" ...>. Obviously, always validate the date strings first.
Consider using cfqueryparam's null attribute. It can be quite handy when inserting null values conditionally. (See example below)
As an aside, ParameterExists was deprecated a while ago and replaced with IsDefined, or preferably StructKeyExists. In this case, another alternative to a CFIF is to declare a default with cfparam, so the form field in question always exists.
Putting it all together, your final query might look something like this. I guessed about the column data types, so adjust as needed.
UPDATE tblrequests
SET lastname = <cfqueryparam value="#ucase(form.lastname)#" cfsqltype="cf_sql_varchar">
, firstname = <cfqueryparam value="#ucase(form.firstname)#" cfsqltype="cf_sql_varchar">
, middlei = <cfqueryparam value="#ucase(form.middlei)#" cfsqltype="cf_sql_varchar">
, title = <cfqueryparam value="#form.title#" cfsqltype="cf_sql_varchar">
, eod = <cfqueryparam value="#form.eod#" cfsqltype="cf_sql_date">
, dutystation = <cfqueryparam value="#form.dutyStation#" cfsqltype="cf_sql_varchar">
, requestsnetwork = <cfqueryparam value="#form.requestsNetwork#" cfsqltype="cf_sql_bit">
, affiliation = <cfqueryparam value="#form.affiliation#" cfsqltype="cf_sql_varchar">
, commentssupvreq = <cfqueryparam value="#form.commentsSupvReq#" cfsqltype="cf_sql_varchar">
, requestdelete = <cfqueryparam value="#form.requestDelete#" cfsqltype="cf_sql_date" null="#not isDate(form.requestDelete)#">
, commentssupvdelete = <cfqueryparam value="#form.commentssupvdelete#" cfsqltype="cf_sql_varchar">
, commentssupvedit = <cfqueryparam value="#form.commentssupvedit#" cfsqltype="cf_sql_varchar">
, dateemailrequested = <cfqueryparam value="#form.dateEmailRequested#" cfsqltype="cf_sql_date" null="#not isDate(form.dateEmailRequested)#">
, commentsit = <cfqueryparam value="#form.commentsit#" cfsqltype="cf_sql_varchar">
, bgcomplete = <cfqueryparam value="#form.bgComplete#" cfsqltype="cf_sql_date" null="#not isDate(form.bgComplete)#">
, dategroupscreated = <cfqueryparam value="#form.dateGroupsCreated#" cfsqltype="cf_sql_date" null="#not isDate(form.dateGroupsCreated)#">
WHERE recnumber = <cfqueryparam value="#addEnt#" cfsqltype="cf_sql_integer">

Coldfusion - Comma delimiter with comma inside value

I am building a list using SQL data and I am trying to make each value of the list as: 'value1',value2','value,4' and so on.
My problem is that I am using this code:
(
SELECT COUNT(ns.ticket)
FROM ns_trade ns
WHERE ns.[login]=mt.[login]
AND
<cfif qGetCommentsAccounting.recordCount gt 0>
ns.COMMENT IN ('#listChangeDelims(qGetCommentsAccounting.list_comments, "','")#')
<cfelse>
1=2
</cfif>
)as no_of_tickets_accounting
which is works perfect EXCEPT when my value has comma inside like 'value,4'.
Any suggestions how to solve that?
If both queries work on the same database, it would be way more KISS to put them together. Usually, you should try to do as much as possible within your database.
SELECT
COUNT(ns.ticket)
FROM
ns_trade ns
WHERE
ns.[login] = mt.[login]
AND
ns.COMMENT IN
(
SELECT
comment
FROM
tbl_comment
WHERE
report_type = <cfqueryparam value="#arguments.type#" cfsqltype="cf_sql_varchar">
AND
report_id = <cfqueryparam value="#arguments.report_id#" cfsqltype="cf_sql_integer">
)
I fix the problem changing my query to:
<cfquery name="qGetComments" datasource="#application.dsn#">
SELECT (STUFF((SELECT ',' +CHAR(39) +CAST(comment as varchar(50)) +CHAR(39)
FROM tbl_comment
WHERE report_type = <cfqueryparam value="#arguments.type#" cfsqltype="cf_sql_varchar">
AND report_id = <cfqueryparam value="#arguments.report_id#" cfsqltype="cf_sql_integer">
FOR XML PATH('')),1, 1, '')) as list_comments
</cfquery>
where CHR(39) is the single quote and later on the other query (wich is inside an cfsavecontent):
(SELECT COUNT(ns.ticket)
FROM ns_trade ns
WHERE ns.[login]=mt.[login]
AND <cfif qGetCommentsAccounting.recordCount gt 0> ns.COMMENT IN (#qGetCommentsAccounting.list_comments#)
<cfelse>
1=2
</cfif>)as no_of_tickets_accounting
and execute it with PreserveSingleQuotes()