Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

having trouble passing variables and cfquery with a variable table name

Posted on 2004-10-28
7
Medium Priority
?
246 Views
Last Modified: 2013-12-24
I list all the tables in a database and allow the user to select one. The next page should open that table and display the data. The variable is not passed from page 1 and page 2 was working with a hard coded table name but not a variable even if I hard code the value of the variable.

Page 1;

<form action="as400interface_CallListMaint2.html" method="get" name="pageone">
<p align="center">
Select a call list to work with<br>
<table>
<iSQLtables DBNAME="emailerdb"  Qualifier="emailers" types="TABLE" LOGIN="tax-talentdata/tony12">
<isqlfetch>
      <iwhile notalias=i_sqlempty>
            <tr><td><input type="radio" name="SelectIt" value=":3"> :3</td>
            <isqlfetch>            
            <td><input type="radio" name="SelectIt" value=":3"> :3</td>
            <isqlfetch>
            <td><input type="radio" name="SelectIt" value=":3"> :3</td>
            <isqlfetch>
            <td><input type="radio" name="SelectIt" value=":3"> :3</td></tr>
            <isqlfetch>
      </iwhile alias=i_sqlempty>
</isql>

</table>
<input type="submit" value="next">
</p>
</form>



Page 2;

<cfset CallListName = #SelectIt#>
CallListName
<cfquery name="emtable" datasource="emailerdb" dbtype="ODBC" username="tax-talentdata" password="tony12">
      SELECT *
      FROM CallListName
</cfquery>
<br>
<form action="As400interface_CallListMaint5.cfm" method="post">
<table width="100%">
      <tr>
            <td></td>
            <td><strong>Comp#</strong></td>
            <td><strong>Comp Name</strong></td>
            <td><strong>Home Email</strong></td>
            <td><strong>Work Email</strong></td>
            <td><strong>Frist Name</strong></td>
      </tr>
<cfloop query="emtable" startrow="1" endrow="#emtable.recordcount#">
      
      <tr>
            <td><input type="checkbox" name="addtocart" value="<cfoutput>#Use_Flag#</cfoutput>" checked="checked"></td>
            <td><cfoutput>#Company_Number#</td>
            <td>#Company_Name#</td>
            <td>#Home_Email#</td>
            <td>#Work_Email#</td>
            <td>#First_Name#</cfoutput></td>
      </tr>      

      
</cfloop>
</table>
<br>
<table width="300">
      <tr>
            <td><input type="submit" name="Submit" value="Send Mailer"></td>
            <td><input type="submit" name="Submit" value="Save As Call List"></td>
      </tr>

</table>
</form>
0
Comment
Question by:larksys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 8

Expert Comment

by:sigmacon
ID: 12440973
Hi larksys,

It would be very helpful if you would post the error message(s) that you are getting! Also, you are submitting the form to an HTML file - I am assuming that is mapped to ColdFusion Server or it's not going to do anything!

First, just to make sure that the variable passing is working, do a <cfdump var="#SelectIt#"> on top of page 2. If it prints the table name you expect, the next thing to fix is you query itself

<cfdump var="#SelectIt#"> <!--- this is for debugging only and can be deleted later --->
<cfset CallListName = #SelectIt#>
...
<cfquery name="emtable" datasource="emailerdb" dbtype="ODBC" username="tax-talentdata" password="tony12">
     SELECT *
     FROM #CallListName#
</cfquery>

One thing that is very dangerous in the way you are doing this is that someone could put arbitrary SQL in this query simply by doing page2.cfm?SelectIt=sysindexes;drop database master (this example is contrived). If you know that your table names only contain letter, for example, you may want to play it save with something like this:

<cfquery name="emtable" datasource="emailerdb" dbtype="ODBC" username="tax-talentdata" password="tony12">
     SELECT *
     FROM #reReplace(CallListName, '[^a-zA-Z]+', '', 'all')#
</cfquery>


Good luck!
0
 
LVL 1

Author Comment

by:larksys
ID: 12441023
                                  Call List Maintenance

                  CallListName SELECT * FROM CallListName

            Comp#                Comp Name        Home Email      Work Email      Frist Name
 #Company_Number# #Company_Name# #Home_Email# #Work_Email# #First_Name#


This is the results from page 2 after putting in the cfdump code (plus a couple of buttons at the bottum). You'll notice that there is no error code and the variable CallListName comes out as a literal and the SQL select statement prints as a literal.

 
0
 
LVL 1

Author Comment

by:larksys
ID: 12441185
You'll notice that this code is a cludge of html, iHtml, cold fusion, and SQL. Below is an iHtml heapdump of the page and SelectIt=conspec3 which is correct.

Thread Local Heap Dump


Inline Internet Systems iHTML/2.20.500 Enterprise
i_priv_srv : SBLOCK
i_path : D:\usersites\taxtalent2\htdocs\admin\as400interface_CallListMaint2.html
i_query_string : SelectIt=conspec3
i_priv_ka : true
i_http_HTTP_CONTENT_LENGTH : 0
i_http_HTTP_ACCEPT : */*
i_http_HTTP_ACCEPT_ENCODING : gzip, deflate
i_http_HTTP_ACCEPT_LANGUAGE : en-us
taxtalentv : 510161019892523-V2.0-A07470-L220
i_hostname : www.taxtalent.com
i_http_HTTP_REFERER : http://www.taxtalent.com/admin/as400interface_calllistmaint1.html
i_http_HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
i_priv_post :
i_priv_tcall : 197
i_key_expiry : Never
SelectIt : conspec3
IHTML_PRIV_RECURSE : true
0
Plesk WordPress Toolkit

Plesk's WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, from beginners to pros.

See why 2/3 of Plesk servers use it.

 
LVL 5

Accepted Solution

by:
kkhipple earned 750 total points
ID: 12441228
i think the problem might be as simple as you not having CFOUTPUT statements and #'s around your variables...OR maybe its just too late for me. :P

try the following:


<CFOUTPUT>
<cfset CallListName = #SelectIt#>
#CallListName#
<cfquery name="emtable" datasource="emailerdb" dbtype="ODBC" username="tax-talentdata" password="tony12">
     SELECT *
     FROM #CallListName#
</cfquery>
<br>
<form action="As400interface_CallListMaint5.cfm" method="post">
<table width="100%">
     <tr>
          <td></td>
          <td><strong>Comp Num</strong></td>
          <td><strong>Comp Name</strong></td>
          <td><strong>Home Email</strong></td>
          <td><strong>Work Email</strong></td>
          <td><strong>Frist Name</strong></td>
     </tr>
<cfloop query="emtable" startrow="1" endrow="#emtable.recordcount#">
     
     <tr>
          <td><input type="checkbox" name="addtocart" value="#Use_Flag#" checked="checked"></td>
          <td>#Company_Number#</td>
          <td>#Company_Name#</td>
          <td>#Home_Email#</td>
          <td>#Work_Email#</td>
          <td>#First_Name#</cfoutput></td>
     </tr>    

     
</cfloop>
</table>
<br>
<table width="300">
     <tr>
          <td><input type="submit" name="Submit" value="Send Mailer"></td>
          <td><input type="submit" name="Submit" value="Save As Call List"></td>
     </tr>

</table>
</form>
</CFOUTPUT>
0
 
LVL 1

Author Comment

by:larksys
ID: 12441249
                                 Call List Maintenance

             #CallListName# SELECT * FROM #CallListName#

     Comp#                    Comp Name         Home Email       Work Email        Frist Name
 #Company_Number# #Company_Name# #Home_Email# #Work_Email# #First_Name#


No such luck (not that it doesn't usually comes down to something simple). But I do think it might be late. I'm going to play with a little more then hit the rack.
0
 
LVL 1

Author Comment

by:larksys
ID: 12441377
Ok, I guess I need to limit my work to daylight hours. The page name was .html and should have been .cfm and I should have caught it a lot sooner.

Thanks for making me look closer.
0
 
LVL 8

Expert Comment

by:sigmacon
ID: 12441586
I was pointing that out in my first response, why did you not accept that?
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question