asaworker
asked on
Coldfusion SQL and apostrophes
I have a query of a query that is pulling data from the active directory using sql and coldfusion. I want to get a result that has an apostrophe in it. my sql is below:
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
The searchvars contains an example of o'brien. I can't seem to get that to show up in the outputted query. Any ideas?
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
The searchvars contains an example of o'brien. I can't seem to get that to show up in the outputted query. Any ideas?
it sounds like maybe the quotes are throwing it off, however when you're doing a "like" it should return similar matches regardless of quotes, have you dumped out the data you want to compare to make sure the values are there, and to see what would be there for a comparrison? sometimes that helps to figure out why something isn't matching up as well...
ASKER
I think I put my question in wrong. I am using a query to get results out of an active directory using ColdFusion. The results are an Intranet phone directory. I am trying to search on those results. SOme results have an apostrophe in them. When I put the apostrophe in the search box, it is not finding the results with the apostrophe in them. Any ideas? Code below:
<h2 class="subhomehead">:: Phone Directory</h2>
<cfset sortby = form.displayName>
<cfif (IsDefined("form.displayNa
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchvars" default="form.displayName"
<cfif (IsDefined("form.displayNa
<cfset filter = filter & "(displayName=#form.displa
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="xxx">
<cfparam name="username" default="xxxxxx">
<cfparam name="ldapServer" default="xxx.xxx.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=xxx,dc=com">
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
<!--- Display results --->
<center>
<table width="82%" cellspacing="0" cellpadding="0" border="0" class="search">
<tr>
<th colspan="6">
<cfoutput>#results3.record
</cfoutput></TH>
</tr>
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Ofice</th>
<th>Phone</th>
<th>E-mail</th>
</tr>
<cfoutput query= "results3">
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#PhysicalOfficeDeliver
<td>#telephoneNumber#</td>
<td><A href = "mailto:#mail#">#mail#</A>
</tr>
</cfoutput>
</table>
</cfif>
<cfoutput>
<form action="#cgi.script_name#"
<p>Enter a name to search in the database.
<p>
Firstname <input type="Text" name="displayName" <cfif (IsDefined("form.displayNa
<br/><select name="department">
<option value="">All Departments</option>
</cfoutput>
<cfoutput query = "results2">
<option value="#department#">#depa
</cfoutput></select>
<input type="Submit" value="Search" name="Search">
</form>
<h2 class="subhomehead">:: Phone Directory</h2>
<cfset sortby = form.displayName>
<cfif (IsDefined("form.displayNa
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchvars" default="form.displayName"
<cfif (IsDefined("form.displayNa
<cfset filter = filter & "(displayName=#form.displa
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="xxx">
<cfparam name="username" default="xxxxxx">
<cfparam name="ldapServer" default="xxx.xxx.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=xxx,dc=com">
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
<!--- Display results --->
<center>
<table width="82%" cellspacing="0" cellpadding="0" border="0" class="search">
<tr>
<th colspan="6">
<cfoutput>#results3.record
</cfoutput></TH>
</tr>
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Ofice</th>
<th>Phone</th>
<th>E-mail</th>
</tr>
<cfoutput query= "results3">
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#PhysicalOfficeDeliver
<td>#telephoneNumber#</td>
<td><A href = "mailto:#mail#">#mail#</A>
</tr>
</cfoutput>
</table>
</cfif>
<cfoutput>
<form action="#cgi.script_name#"
<p>Enter a name to search in the database.
<p>
Firstname <input type="Text" name="displayName" <cfif (IsDefined("form.displayNa
<br/><select name="department">
<option value="">All Departments</option>
</cfoutput>
<cfoutput query = "results2">
<option value="#department#">#depa
</cfoutput></select>
<input type="Submit" value="Search" name="Search">
</form>
I think you are referrring to this query:
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
I would suggest that you change the variable to double quotes "
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower("%#searchvars#%")
</cfquery>
I would also advise you to use <cfquerparam> for all of your queries from a security and performance perspective.
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchvars#%')
</cfquery>
I would suggest that you change the variable to double quotes "
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower("%#searchvars#%")
</cfquery>
I would also advise you to use <cfquerparam> for all of your queries from a security and performance perspective.
ASKER
Still not working. I'm trying to pull a result form the phonebook that has an apostrophe in the last name . An example would be O'Malley. Code Below:
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="form.q">
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = PreserveSingleQuotes(form.
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="xxxx">
<cfparam name="password" default="xxxxxxxxx">
<cfparam name="username" default="xxxxx">
<cfparam name="ldapServer" default="xxxx.xxxx.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=xxxx,dc=com">
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchname#%')
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchname#%') AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
</cfif>
<cfoutput>
<form action = "#CGI.SCRIPT_NAME#" method="post">
<p>Enter a name to search in the database.</p>
<p>Name <input type="Text" name="q" <cfif (IsDefined("form.q") AND form.q is not "")>value="#form.q#"</cfif
<select name="departments" <cfif (IsDefined("form.departmen
<option value="">All Departments</option>
</cfoutput>
<cfoutput query = "results2">
<option value="#department#" <cfif (IsDefined("form.departmen
</cfoutput>
</select>
<input type="Submit" value="Search" name="Search">
<cfif IsDefined("form.department
<cfoutput>
<p><strong>#results4.recor
</cfoutput>
<cfelse>
<cfoutput>
<p><strong>#results3.recor
</cfoutput>
</cfif>
<table width="100%" id="searchresults">
<!--- Display results --->
<cfif IsDefined("form.department
<cfif NOT(#results4.recordCount#
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Office</th>
<th>Phone</th>
<th>Fax</th>
<th>E-mail</th>
</tr>
</cfif>
<cfelse>
<cfif NOT(#results3.recordCount#
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Office</th>
<th>Phone</th>
<th>Fax</th>
<th>E-mail</th>
</tr>
</cfif>
</cfif>
<cfif IsDefined("form.department
<cfoutput query="results4">
<tbody>
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#physicalDeliveryOffic
<td>#telephoneNumber#</td>
<td>#otherFacsimileTelepho
<td><a href="mailto:#mail#">#mail
</tr>
</tbody>
</cfoutput>
<cfelse>
<cfoutput query="results3">
<tbody>
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#physicalDeliveryOffic
<td>#telephoneNumber#</td>
<td>#otherFacsimileTelepho
<td><a href="mailto:#mail#">#mail
</tr>
</tbody>
</cfoutput>
</cfif>
</table>
</cfif>
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="form.q">
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = PreserveSingleQuotes(form.
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="xxxx">
<cfparam name="password" default="xxxxxxxxx">
<cfparam name="username" default="xxxxx">
<cfparam name="ldapServer" default="xxxx.xxxx.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=xxxx,dc=com">
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchname#%')
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results WHERE lower(displayName) like lower('%#searchname#%') AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
</cfif>
<cfoutput>
<form action = "#CGI.SCRIPT_NAME#" method="post">
<p>Enter a name to search in the database.</p>
<p>Name <input type="Text" name="q" <cfif (IsDefined("form.q") AND form.q is not "")>value="#form.q#"</cfif
<select name="departments" <cfif (IsDefined("form.departmen
<option value="">All Departments</option>
</cfoutput>
<cfoutput query = "results2">
<option value="#department#" <cfif (IsDefined("form.departmen
</cfoutput>
</select>
<input type="Submit" value="Search" name="Search">
<cfif IsDefined("form.department
<cfoutput>
<p><strong>#results4.recor
</cfoutput>
<cfelse>
<cfoutput>
<p><strong>#results3.recor
</cfoutput>
</cfif>
<table width="100%" id="searchresults">
<!--- Display results --->
<cfif IsDefined("form.department
<cfif NOT(#results4.recordCount#
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Office</th>
<th>Phone</th>
<th>Fax</th>
<th>E-mail</th>
</tr>
</cfif>
<cfelse>
<cfif NOT(#results3.recordCount#
<tr>
<th>Name</th>
<th>Title</th>
<th>Department</th>
<th>Office</th>
<th>Phone</th>
<th>Fax</th>
<th>E-mail</th>
</tr>
</cfif>
</cfif>
<cfif IsDefined("form.department
<cfoutput query="results4">
<tbody>
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#physicalDeliveryOffic
<td>#telephoneNumber#</td>
<td>#otherFacsimileTelepho
<td><a href="mailto:#mail#">#mail
</tr>
</tbody>
</cfoutput>
<cfelse>
<cfoutput query="results3">
<tbody>
<tr>
<td>#displayName#</td>
<td>#title#</td>
<td>#department#</td>
<td>#physicalDeliveryOffic
<td>#telephoneNumber#</td>
<td>#otherFacsimileTelepho
<td><a href="mailto:#mail#">#mail
</tr>
</tbody>
</cfoutput>
</cfif>
</table>
</cfif>
The only other thing I suggest you try is (<cfqueryparam cfsqltype="cf_sql_varchar"
You will need to make sure "cf_sql_varchar" is the right value for your database column. You can find a table of the various options on the livedocs page for cfqueryparam.
You will need to make sure "cf_sql_varchar" is the right value for your database column. You can find a table of the various options on the livedocs page for cfqueryparam.
ASKER
My real problem that I'm having is that I can't modify the table that has the entries in it. It's being entered into the Active Directory. I don't have any permissions to modify the data. The table has someones name as o'brien. My query of query won't return o'brien as a result if you type in o'brien in the input field. If I use brien, then o'brien will show up in the results for the phonebook. I need to get this resolved asap.
ASKER
I really need this question answered
This may not be it, but first observation is that the following statement may not be giving you the value you want in searchvars.
<cfparam name="searchvars" default="form.displayName"
Above, the value of searchvars will be "form.displayname"
It should be
<cfparam name="searchvars" default="#form.displayName
So the value of searchVars gets whatever is in form.displayName.
Also, can you verify that when searching for "O'Brien" the record is found within the query "results" ?
You can do this my doing ..
<cfdump var="#results#">
and looking through the output to ensure O'Brien made it that far.
If you see it there, then, as you said, we focus on the query of queries to get those records (result3)
By the way. It seems that this ..
<cfparam name="searchvars" default="form.displayName"
Should really be this..
<cfset searchvars=form.displayNam
CFPARAM sets the variable to whatever is in 'default' only if it does not exist already.
If seems you don't really want to test to see if the variable exists or not, basically, you just want to set the value to form.displayName, regardless. So, use <CFSET instead.
... that's just a tangent, it won't solve it :)
ASKER
O'brien shows up in the search results, but I can't use o'brien to search for it, I have to use any thing after '. brien will work.
Please try this as your results3 query.
<cfquery name="results3" dbtype="query">
SELECT *
FROM results WHERE displayName like '%#preservesinglequotes(se
</cfquery>
If the above does not work, I'd like to see what it looks like when its run. You can find this if you have debugging turned on and scroll down the page to see all the queries. Locate this query and cut and paste it in here.
If you don't have debugging turned on, perhaps you can place just above the Results3 query and grab it from the screen when it displays in the browser...
<cfoutput> <!--- note its CFOUTPUT instead of cfquery ---->
SELECT *
FROM results
WHERE displayName like '%#preservesinglequotes(se
</cfoutput>
ASKER
Error Executing Database Query.
Query Of Queries syntax error.
Encountered "brien.
The error occurred in C:\Inetpub\intradev\phone\
68 : <cfquery dbtype="query" name="results3">
69 : SELECT * FROM results
70 : WHERE LOWER(displayName) LIKE '%#preservesinglequotes(se
71 :
72 : </cfquery>
Query Of Queries syntax error.
Encountered "brien.
The error occurred in C:\Inetpub\intradev\phone\
68 : <cfquery dbtype="query" name="results3">
69 : SELECT * FROM results
70 : WHERE LOWER(displayName) LIKE '%#preservesinglequotes(se
71 :
72 : </cfquery>
Well, you're absolutely right. Query of a query has a problem with single quotes and does NOT act the same as a normal query.
<cfset searchvars = "O'Brien">
A regular query to the database like this works perfectly fine:::
<cfquery name="results3" datasource="myDatabase">
SELECT * FROM results
WHERE displayName like '%#searchvars#%'
</cfoutput>
But doing the same thing with a query of a query fails with the error you showed.
* THIS DOES NOT WORK
<cfquery name="results3" dbtype="query">
SELECT * FROM results
WHERE displayName like '%#searchvars#%'
</cfoutput>
I found that this UGLY work-around does resolve the problem::
<cfset searchvars= replace(searchvars,"'","''
<cfquery name="results3" dbtype="query">
SELECT * FROM results
WHERE displayName like '%#searchvars#%'
</cfoutput>
This line changes a single quote to FOUR single quotes:
<cfset searchvars= replace(searchvars,"'","''
Here it is spaced out for read-ability (don't use this one):
<cfset searchvars= replace(searchvars, " ' " , " ' ' ' ' " )>
Of course, this makes your searchvars variable Only good for this search. If you need it for anything else, create a new variable for the query of query filter.
ASKER
I tried it and it's still not finding that result. I'm not getting the error anymore. Below is the revised code:
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="form.q">
<cfset searchname= replace(searchname,"'","''
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = form.q>
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="joe@6257$">
<cfparam name="username" default="mquery">
<cfparam name="ldapServer" default="adc2.amsa.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=amsa,dc=com">
<!---<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results
WHERE LOWER(displayName) LIKE LOWER('%#searchname#%')
AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
</cfif>
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="form.q">
<cfset searchname= replace(searchname,"'","''
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = form.q>
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="joe@6257$">
<cfparam name="username" default="mquery">
<cfparam name="ldapServer" default="adc2.amsa.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=amsa,dc=com">
<!---<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results
WHERE LOWER(displayName) LIKE LOWER('%#searchname#%')
AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
</cfif>
Check out this block of code...
<cfparam name="searchname" default="form.q">
<cfset searchname= replace(searchname,"'","''
>>> I feel that at this point the value of searchname = "form.q" litterally
>>> try adding this and see what it is: <cfoutput>#searchname#</cf
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
>>> Here, you assign searchname to form.q again
>>> But you didn't do the quote replace after this point
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = form.q>
</cfif>
>>> try Moving this line to just before you need it in the query of query
>>> That way, you can modify or assign searchName wherever above and it
>>> will be applied right before the query.
<cfset searchname= replace(searchname,"'","''
<cfquery dbtype="query" name="results2">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
<cfparam name="searchname" default="form.q">
<cfset searchname= replace(searchname,"'","''
>>> I feel that at this point the value of searchname = "form.q" litterally
>>> try adding this and see what it is: <cfoutput>#searchname#</cf
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="form.departments"
<cfset searchdept = form.departments>
</cfif>
>>> Here, you assign searchname to form.q again
>>> But you didn't do the quote replace after this point
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = filter & "(displayName=#form.q#*)">
<cfset searchname = form.q>
</cfif>
>>> try Moving this line to just before you need it in the query of query
>>> That way, you can modify or assign searchName wherever above and it
>>> will be applied right before the query.
<cfset searchname= replace(searchname,"'","''
<cfquery dbtype="query" name="results2">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
ASKER
Here's the updated code:
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="#form.q#">
<cfset filter = filter & "(displayName=#searchname#
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="#form.departments
<cfset searchdept = form.departments>
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="joe@6257$">
<cfparam name="username" default="mquery">
<cfparam name="ldapServer" default="adc2.amsa.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=amsa,dc=com">
<!---<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfset searchname= replace(searchname,"'","''
<cfquery dbtype="query" name="results3">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results
WHERE LOWER(displayName) LIKE LOWER('%#searchname#%')
AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
I'm getting:
:: Phone Directory
0 matches found for o''''brien.
Enter a name to search in the database.
<cfset sortby = form.q>
<cfif (IsDefined("form.q") AND form.q is not "")>
<cfset filter = "(&(objectclass=user)">
<cfparam name="searchname" default="#form.q#">
<cfset filter = filter & "(displayName=#searchname#
<cfif (IsDefined("form.departmen
<cfparam name="searchdept" default="#form.departments
<cfset searchdept = form.departments>
</cfif>
<cfset filter = filter & ")">
<!--- make the LDAP query --->
<cfparam name="logindomain" default="amsa">
<cfparam name="password" default="joe@6257$">
<cfparam name="username" default="mquery">
<cfparam name="ldapServer" default="adc2.amsa.com">
<cfparam name="dcStart" default="ou=Users & Groups,dc=amsa,dc=com">
<!---<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfldap action="QUERY" name="results" attributes="displayName,ti
<cfquery dbtype="query" name="results2">
SELECT DISTINCT department FROM results WHERE department != ''
</cfquery>
<cfset searchname= replace(searchname,"'","''
<cfquery dbtype="query" name="results3">
SELECT * FROM results
WHERE displayName LIKE '%#searchname#%'
</cfquery>
<cfif IsDefined("form.department
<cfquery dbtype="query" name="results4">
SELECT * FROM results
WHERE LOWER(displayName) LIKE LOWER('%#searchname#%')
AND department Like '%#searchdept#%' Order BY department ASC
</cfquery>
I'm getting:
:: Phone Directory
0 matches found for o''''brien.
Enter a name to search in the database.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I know this is an old question, but anyone who is searching for an answer to this should also note that using the cfqueryparam tag will escape single quotes for you and not add complexity.
<cfquery dbtype="query" name="result3">
SELECT *
FROM results
WHERE <cfqueryparam value="#searchvars#" cfsqltype="cf_sql_varchar">
</cfquery>
Sorry, that should have been:
<cfquery dbtype="query" name="result3">
SELECT *
FROM results
WHERE DisplayName LIKE <cfqueryparam value="%#searchvars#%" cfsqltype="cf_sql_varchar">
</cfquery>
<cfquery dbtype="query" name="results3">
SELECT * FROM results WHERE lower(displayName) like lower('%#preservesinglequo
</cfquery>