Solved

Syntax error in UPDATE statement

Posted on 2009-03-30
8
134 Views
Last Modified: 2013-12-24
when I try to submit the query below I am getting a syntax error. It shows the error is on the Where clause line.

FORM.SiteTranslationTestID is numeric

what am I doing wrong?
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET	TranslationTestReference	=	'#form.JobAdReference#',
	TranslationTest	=		'#form.TranslationTest#',
	Instructions	=	'#form.TranslationTestInstructions#',
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
Comment
Question by:Shawn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 500 total points
ID: 24023137
remove the "," before the WHERE.
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24023145
aka:
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET      TranslationTestReference      =      '#form.JobAdReference#'
  ,    TranslationTest      =            '#form.TranslationTest#'
  ,    Instructions      =      '#form.TranslationTestInstructions#'
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
 
LVL 1

Author Comment

by:Shawn
ID: 24023210
can't believe it. I've been staring at it for an hour!

thanks angelIII: :-D
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 52

Expert Comment

by:_agx_
ID: 24029026
> WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#

You should also consider using cfqueryparam on all values to help avoid sql injection. For example:

WHERE SiteTranslationTestID = <cfqueryparam value="#FORM.SiteTranslationTestID#" cfsqltype="cf_sql_integer">
0
 
LVL 1

Author Comment

by:Shawn
ID: 24029095
good point agx,
I'm not very familiar with sql injection but am aware I have to go through my whole site to close any possible leaks. Any advice on this or helpful links?...I could open another question for this one. Let me know.
thanks,
Shawn
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24029121
I would start by using a tool like the ones listed here to look for queries that are not using cfqueryparam.  IIRC, they do not update the code but do show you vulnerable queries:
http://www.coldfusionjedi.com/index.cfm/2008/7/29/What-Folks-arent-using-cfqueryparam
0
 
LVL 1

Author Comment

by:Shawn
ID: 24030776
thanks again. looks like a great place to get started. :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24031258
Welcome!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question