i had a stored proc for which i made changes and added 2 new form fields to a stored proc
and then ran it successfully
now when i revoke the stored proc and run , it runs successfully but in the coldfusion
it gives the error
[Macromedia][SQLServer JDBC Driver][SQLServer]Insert Error: Column name or number of supplied values does not match table definition.
90 : <cfprocparam type="in" cfsqltype="CF_SQL_INTEGER" dbvarname="#reportMonth" value="#xxMDB#">
91 : <cfprocparam type="in" cfsqltype="CF_SQL_INTEGER" dbvarname="#orderBy" value="#xxOBDB#">
92 : **<cfprocresult name="xxResult">**
93 : </cfstoredproc>
Since ColdFusion MX:
Changed the dbvarname attribute
behavior: it is now ignored for all
drivers. ColdFusion uses JDBC 2.2 and
does not support named parameters.
http://www.cfquickdocs.com/cf8/#cfprocparam
Related
When running a query with EncryptByKey and cfqueryparam, the value appears to be getting truncated.
For example:
<cfset customer_number = 123 />
<cfset soc_sec_number = "123-45-6789" />
<cfquery datasource="web_applications">
OPEN SYMMETRIC KEY SSNKey
DECRYPTION BY CERTIFICATE SSNCert;
UPDATE
Customers
SET
SSN_Encrypted = EncryptByKey( Key_GUID( 'SSNKey' ), <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#soc_sec_number#" > )
WHERE
customer_number = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#customer_number#" > ;
CLOSE SYMMETRIC KEY SSNKey;
</cfquery>
The resulting database value, when decrypted, is "1". If I remove the <cfqueryparam>, the whole value is stored without issue. Additionally, this issue only occurs when used in conjunction with EncryptByKey.
We're using CF 2018 and sql 2016. This just began to be a problem yesterday. It may or may not be related, but our power was lost yesterday. Is is possible that some cf file was corrupted, or some encoding setting was changed? How would I check for this?
UPDATE:
When performing the following query:
<cfquery name="get_ssn">
OPEN SYMMETRIC KEY SSNKey
DECRYPTION BY CERTIFICATE SSNCert;
SELECT
CONVERT( VARCHAR, DecryptByKey( [ssnEncrypted] ) ) AS decrypted_ssn
FROM
customers
WHERE
Customer.customer_number= <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#customer_number#" > ;
CLOSE SYMMETRIC KEY SSNKey;
</cfquery>
The resulting value of decrypted_ssn is as follows:
<cfdump var="#get_ssn.decrypted_ssn#"> -> 123-45-6789
<cfdump var="#right(get_ssn.decrypted_ssn, 4)#"> -> 89
in sql studio -> 1
I suspect some encoding issue at this point, since coldfusion returns the full value but thinks that right(123-45-6789, 4) is 89 rather than 6789
I'm not sure how to test this theory.
UPDATE:
I've confirmed this issue is arising on more than one table, and with more than one symmetric key.
UPDATE again:
The string saved using cfqueryparam, when the LEN() command is used, outputs 22, whereas the value WITHOUT cfqueryparam outputs 11.
UPDATE:
I followed the solution Here, which seemed to resolve my issue. But I want to understand how this happened. The connection didn't seem to require this until yesterday, when the power went out and the server restarted.
The application in question runs on Coldfusion 11 with hotfix 7 and running on a Linux server that is connected to a Windows Oracle database. The goal is to make the application run on Linux which is a step by step process (which is why the database in on Windows server).
I know the database works because it connects successfully via the Coldfusion administrator panel and this SQL statement returns an user_id successfully:
<cfquery name="qUser" datasource="#Application.datasource#">
SELECT td_user_id
FROM td_user
WHERE ROWNUM <= 1
</cfquery>
The code in question is such:
<cfstoredproc procedure="td_session_pkg.new_session" datasource="#application.datasource#">
<cfprocparam type="In" cfsqltype="CF_SQL_CHAR" value="#arguments.username#">
<cfprocparam type="In" cfsqltype="CF_SQL_CHAR" value="#arguments.password#">
<cfprocparam type="In" cfsqltype="CF_SQL_CHAR" value="#cgi.remote_addr#">
<cfprocparam type="In" cfsqltype="CF_SQL_INTEGER" value="#rand_int#">
<cfprocparam type="In" cfsqltype="CF_SQL_INTEGER" value="#application.app_id#">
<cfprocparam type="In" cfsqltype="CF_SQL_INTEGER" value="1">
<cfprocparam type="In" cfsqltype="CF_SQL_INTEGER" value="#pwdRequired#">
<cfprocparam type="Out" cfsqltype="CF_SQL_CHAR" variable="sid">
</cfstoredproc>
<!--- Test --->
<cfquery name="testS" datasource="#Application.datasource#">
SELECT
sys_context('USERENV','SID') AS theSid
FROM dual
</cfquery>
<cfthrow message="SID: #sid# and #testS.theSid#">
The cfthrow returns
SID: (blank here) and 37
I've had tried many things but have yet to return the sid correctly (it is needed to continue user authentication). The values inside the cfprocparam tags are variables stated above and all have valid values.
Coldfusion variables are not case sensitive, as stated by Adobe
Any insight as to why this wouldn't return the sid and why the SQL statement would? (from my research I believe they are the same thing).
Thanks for the help, I am will and answer any questions quickly.
Since the code I posted in comments has the white-space mangled:
SET SERVEROUTPUT ON;
DECLARE
sid VARCHAR2(20);
BEGIN
td_session_pkg.new_session(
'username',
'password',
'remote_addr',
0,
0,
1,
0,
sid
);
DBMS_OUTPUT.PUT_LINE( 'SID' || sid );
END;
/
Run this in an SQL client (i.e. SQL developer or SQL/Plus) from the user you would connect to via ColdFusion.
The aim is to test that the database:
Has the procedure.
The database user has access to it.
The procedure runs in the database.
The procedure gives the expected result.
Running the query successfully will tell you that #1-#3 are fine and you can check #4 against your expectations.
If any aren't as expected then you know the problem is at the database end and not in ColdFusion.
If they run as expected then you can start looking at the CF settings to make sure your datasources are pointing where you expect (i.e. are they connecting to the correct user) and that the datasource has permissions to execute procedures.
Then if that is all correct, look at the variables you are passing into the <CFSTOREDPROC> and <CFPROCPARAM> tags - are the datasource and variables as expected.
If you want to formalize it as you go then you could write unit & integration tests which cover the steps you try and next time you want to test things you just run the test suites.
I am getting this error and don't understand why:
Error Executing Database Query. [Macromedia][SQLServer JDBC
Driver][SQLServer]Invalid column name 'buildno'. The error occurred
in C:/data/wwwroot/webappsdev/cfeis/redbook/redbook_bio_load.cfm: line
10
8 : select *
9 : from redbook_bio
10 : where build_num = '#session.build_num#'
11 : </cfquery>
12 :
VENDORERRORCODE: 207 SQLSTATE: 42S22 SQL: select * from
redbook_bio where buildno = '4700' DATASOURCE: xxxx
******"
It is saying buildno is an invalid column name, but I do not have that name in my query. I used to, but changed both the column in the database and the column name in the query to build_num. You can see my exact code with line numbers, and that there is no 'buildno' in there. But looking at the SQL statement below that, it is still trying to use 'buildno'.
I had my editor check the directory for anywhere it says buildno and no results came back. I have restarted the CF Service and cleared the cache. Why would it still be trying to run it with buildno instead of build_num like the code says?
There was a cfquery cache setting in the Administrator. We had it set to 100. Apparently clearing the cache template and component cache doesn't clear the cfquery cache. I changed the query name and it fixed the problem. It most likely could have been fixed by setting the cfquery cache value to 0.
HELP!!
Just migrating a site from one server to another, the coldfusion version is changing from cf8 to cf9 [linux/centos]
this code used to work before:
cfinclude('../SQL/contact.sql.cfc');
form.phone = unFormatPhone(form.phone);
contactID = InsertContact(form);
In the included file is:
<cfcomponent output="false" >
<!--- -------------------------------- insert -------------------------------- --->
<cffunction name="InsertContact" returntype="numeric" output="false" access="public" >
now I get an error when browsing the pages:
Variable INSERTCONTACT is undefined.
The error occurred in /var/www/vhosts/xxxxxx.com/httpdocs/Assets/XHTML/buy-my-car.cfm: line 54
Called from /var/www/vhosts/newride.ca/httpdocs/Application.cfc: line 232
Called from /var/www/vhosts/newride.ca/httpdocs/Application.cfc: line 230
Called from /var/www/vhosts/newride.ca/httpdocs/Application.cfc: line 162
52 : cfinclude('../SQL/contact.sql.cfc');
53 : form.phone = unFormatPhone(form.phone);
54 : contactID = InsertContact(form);
55 :
56 : //insert vehicle with app id
What is going on here? the included file is being found, is there some difference between the two versions that is causing this?
Are you sure its being included? try:
include "../SQL/contact.sql.cfc";
form.phone = unFormatPhone(form.phone);
contactID = InsertContact(form);
Well, I'll say first off that I've only worked with CF9, so I can't comment on what you used to be able to do in CF8. But, in CF9 I'm pretty sure you cant use a CFC that way. The closest thing to what you're doing would be transient invocation using <cfinvoke>. See here: http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24-7db3.html
But, also look at instantiating the cfc as an object and then calling methods on that object. I like doing it that way as it reminds me of other languages such as Java and C#.
I have a SQL stored procedure which under some situations will return a result of -1 if it fails, but also returns a message via the RAISERROR command e.g.:
BEGIN
RAISERROR ('Error %i has occurred', 11, 1, 0)
RETURN -1
END
I am accessing this via coldfusion using cfstoredproc e.g.:
<cfstoredproc procedure="sp_return" datasource="myDatasource" returncode="yes">
<cfdump var="#cfstoredproc#">
But the structure returned only contains an ExecutionTime and StatusCode keys. Is there any way I can access the error message which has been returned. e.g. To display to the user.
Thanks,
Tom
p.s. I would tag with "cfstoredproc" but I can't create new tags.
Not sure what DB you use but with Oracle I just use ColdFusion Exceptions to bubble up the Oracle exceptions. - #cfcatch.message# and #cfcatch.detail# are what you want to echo to the user.
<cftry>
<cfstoredproc procedure = "my_Proc" dataSource = "#DB#" returnCode = "No">
<cfprocparam type="in" cfsqltype="CF_SQL_VARCHAR" variable="myvar" value="#someval#" null="No">
<cfprocresult name="my_Response">
</cfstoredproc>
<cfcatch type="any">
<cflog file="ProcError" text="Message = #cfcatch.message# Detail= #cfcatch.detail#">
</cfcatch>
</cftry>
Have you tried cfprocresult? Manual page says:
Associates a query object with a
result set returned by a stored
procedure.