Solved

Syntax error in UPDATE statement

Posted on 2009-03-30
8
130 Views
Last Modified: 2013-12-24
when I try to submit the query below I am getting a syntax error. It shows the error is on the Where clause line.

FORM.SiteTranslationTestID is numeric

what am I doing wrong?
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">

UPDATE tblTranslationTestSite

SET	TranslationTestReference	=	'#form.JobAdReference#',

	TranslationTest	=		'#form.TranslationTest#',

	Instructions	=	'#form.TranslationTestInstructions#',

WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#

</cfquery>

Open in new window

0
Comment
Question by:Shawn
  • 3
  • 3
  • 2
8 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 500 total points
ID: 24023137
remove the "," before the WHERE.
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24023145
aka:
<cfquery name="MttestUpdate" datasource="#application.DS#" username="#application.dbuser#" password="#application.dbpass#">
UPDATE tblTranslationTestSite
SET      TranslationTestReference      =      '#form.JobAdReference#'
  ,    TranslationTest      =            '#form.TranslationTest#'
  ,    Instructions      =      '#form.TranslationTestInstructions#'
WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#
</cfquery>

Open in new window

0
 
LVL 1

Author Comment

by:Shawn
ID: 24023210
can't believe it. I've been staring at it for an hour!

thanks angelIII: :-D
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24029026
> WHERE SiteTranslationTestID = #FORM.SiteTranslationTestID#

You should also consider using cfqueryparam on all values to help avoid sql injection. For example:

WHERE SiteTranslationTestID = <cfqueryparam value="#FORM.SiteTranslationTestID#" cfsqltype="cf_sql_integer">
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:Shawn
ID: 24029095
good point agx,
I'm not very familiar with sql injection but am aware I have to go through my whole site to close any possible leaks. Any advice on this or helpful links?...I could open another question for this one. Let me know.
thanks,
Shawn
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24029121
I would start by using a tool like the ones listed here to look for queries that are not using cfqueryparam.  IIRC, they do not update the code but do show you vulnerable queries:
http://www.coldfusionjedi.com/index.cfm/2008/7/29/What-Folks-arent-using-cfqueryparam
0
 
LVL 1

Author Comment

by:Shawn
ID: 24030776
thanks again. looks like a great place to get started. :)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 24031258
Welcome!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now