Syntax error in UPDATE statement

when I try to submit the query below I am getting a syntax error. It shows the error is on the Where clause line.

FORM.SiteTranslationTestID is numeric

what am I doing wrong?
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET	TranslationTestReference	=	'#form.JobAdReference#',
	TranslationTest	=		'#form.TranslationTest#',
	Instructions	=	'#form.TranslationTestInstructions#',
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

LVL 1
ShawnAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Guy Hengel [angelIII / a3]Connect With a Mentor Billing EngineerCommented:
remove the "," before the WHERE.
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
aka:
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET      TranslationTestReference      =      '#form.JobAdReference#'
  ,    TranslationTest      =            '#form.TranslationTest#'
  ,    Instructions      =      '#form.TranslationTestInstructions#'
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
 
ShawnAuthor Commented:
can't believe it. I've been staring at it for an hour!

thanks angelIII: :-D
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
_agx_Commented:
> WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#

You should also consider using cfqueryparam on all values to help avoid sql injection. For example:

WHERE SiteTranslationTestID = <cfqueryparam value="#FORM.SiteTranslationTestID#" cfsqltype="cf_sql_integer">
0
 
ShawnAuthor Commented:
good point agx,
I'm not very familiar with sql injection but am aware I have to go through my whole site to close any possible leaks. Any advice on this or helpful links?...I could open another question for this one. Let me know.
thanks,
Shawn
0
 
_agx_Commented:
I would start by using a tool like the ones listed here to look for queries that are not using cfqueryparam.  IIRC, they do not update the code but do show you vulnerable queries:
http://www.coldfusionjedi.com/index.cfm/2008/7/29/What-Folks-arent-using-cfqueryparam
0
 
ShawnAuthor Commented:
thanks again. looks like a great place to get started. :)
0
 
_agx_Commented:
Welcome!
0
All Courses

From novice to tech pro — start learning today.