Solved

Syntax error in UPDATE statement

Posted on 2009-03-30
8
131 Views
Last Modified: 2013-12-24
when I try to submit the query below I am getting a syntax error. It shows the error is on the Where clause line.

FORM.SiteTranslationTestID is numeric

what am I doing wrong?
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET	TranslationTestReference	=	'#form.JobAdReference#',
	TranslationTest	=		'#form.TranslationTest#',
	Instructions	=	'#form.TranslationTestInstructions#',
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
Comment
Question by:Shawn
  • 3
  • 3
  • 2
8 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 500 total points
ID: 24023137
remove the "," before the WHERE.
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24023145
aka:
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET      TranslationTestReference      =      '#form.JobAdReference#'
  ,    TranslationTest      =            '#form.TranslationTest#'
  ,    Instructions      =      '#form.TranslationTestInstructions#'
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
 
LVL 1

Author Comment

by:Shawn
ID: 24023210
can't believe it. I've been staring at it for an hour!

thanks angelIII: :-D
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 52

Expert Comment

by:_agx_
ID: 24029026
> WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#

You should also consider using cfqueryparam on all values to help avoid sql injection. For example:

WHERE SiteTranslationTestID = <cfqueryparam value="#FORM.SiteTranslationTestID#" cfsqltype="cf_sql_integer">
0
 
LVL 1

Author Comment

by:Shawn
ID: 24029095
good point agx,
I'm not very familiar with sql injection but am aware I have to go through my whole site to close any possible leaks. Any advice on this or helpful links?...I could open another question for this one. Let me know.
thanks,
Shawn
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24029121
I would start by using a tool like the ones listed here to look for queries that are not using cfqueryparam.  IIRC, they do not update the code but do show you vulnerable queries:
http://www.coldfusionjedi.com/index.cfm/2008/7/29/What-Folks-arent-using-cfqueryparam
0
 
LVL 1

Author Comment

by:Shawn
ID: 24030776
thanks again. looks like a great place to get started. :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24031258
Welcome!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question