Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Coldfusion ImageGetBlob error

Posted on 2012-03-25
8
Medium Priority
?
453 Views
Last Modified: 2012-03-27
Hi,

I'm trying to insert an image into an SQL database using "ImageGetBlob". From what I'm gathering, I've written the insert correctly, but I get some funny errors (details below).

So first up my code is this:

<cfimage source="image.jpg" name="myImage">

<cfquery name="insert_img" datasource="111">

    INSERT into table(fkDocumentTypeID2, document2)
    VALUES ('ea6ebc4f-201d-4da9-832f-33aae3eeb234',
    <cfqueryparam value="#ImageGetBlob(myImage)#" cfsqltype='cf_sql_blob'>)
    WHERE fkid = '7396dd97-de0c-4ba5-8ac9-6d213345fb8d'

</cfquery>

Open in new window


When I run this coldfusion brings back the following error:

"ErrorCode       156
Message       [Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect syntax near the keyword 'WHERE'. "

So I add single quotes around the query param:

<cfimage source="image.jpg" name="myImage">

<cfquery name="insert_img" datasource="111">

    INSERT into table(fkDocumentTypeID2, document2)
    VALUES ('ea6ebc4f-201d-4da9-832f-33aae3eeb234',
    '<cfqueryparam value="#ImageGetBlob(myImage)#" cfsqltype='cf_sql_blob'>')
    WHERE fkid = '7396dd97-de0c-4ba5-8ac9-6d213345fb8d'

</cfquery>

Open in new window


Not sure if that is correct or not but the next error i get is this (could be caused by the single quotes?):

"ErrorCode       0
Message       [Macromedia][SQLServer JDBC Driver] Invalid parameter binding(s)."


So if anyone can help me out with this that would be much appreciated.
0
Comment
Question by:CurtinProp
  • 4
  • 3
8 Comments
 
LVL 36

Assisted Solution

by:SidFishes
SidFishes earned 920 total points
ID: 37766501
you -don't use quotes around cfquery param.


at a quick look and guess, I think the issue is that you've used single quotes in the tag

<cfqueryparam value="#ImageGetBlob(myImage)#" cfsqltype='cf_sql_blob'>

should be

<cfqueryparam value="#ImageGetBlob(myImage)#" cfsqltype="cf_sql_blob">)
0
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 1080 total points
ID: 37766743
Also INSERT statements can't have a WHERE clause. So make the changes Sid suggested above and remove the where clause.
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 37766803
ha - missed that completely. That's probably the issue. - single quote inside the cfqp tag are probably fine (if not standard)

the where in an insert would certainly be "Incorrect syntax near the keyword 'WHERE'. ""

:)
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 52

Expert Comment

by:_agx_
ID: 37766847
> single quote inside the cfqp tag are probably fine (if not standard)

Yeah, but not the way they have them ;-) I think that's at least part of the problem. Because it's like saying insert the literal words:

          (singlequote)<cfqueryparam value="...." cfsqltype="....">(singlequote)

         ... instead of it being evaluated as usual

          <cfqueryparam value="...." cfsqltype='...'>    <=== look ma, no surrounding quotes!
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 37766899
the first code snip just had them inside the tag (which should be ok), the second around the tag ("you -don't use quotes around cfquery param.")

as you noted the first snip should work -without- the where clause
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 1080 total points
ID: 37767132
My take was they put them outside too. ie "So I add single quotes around the query param"

So they need both fixes:
1)Remove the single quotes around cfqueryparam
2) Remove the WHERE clause

ie
<cfquery name="insert_img" datasource="111">
    INSERT into table(fkDocumentTypeID2, document2)
    VALUES (
          <cfqueryparam value="ea6ebc4f-201d-4da9-832f-33aae3eeb234" cfsqltype="cf_sql_varchar">
         , <cfqueryparam value="#ImageGetBlob(myImage)#" cfsqltype="cf_sql_blob">
    )
</cfquery>

Open in new window

0
 
LVL 2

Author Comment

by:CurtinProp
ID: 37769871
Thanks guys, my brain was obviously fried at the time, I was in fact trying to perform an update not an insert which definitely threw a spanner in the works.

I'll be splitting the points as I feel you both contributed to the solution. Hope thats cool.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 37771962
I'll be splitting the points as I feel you both contributed to the solution. Hope thats cool.

Totally. Thanks CurtinProp.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an updated version of a post made on my blog over 3 years ago. It is unfortunately, still very relevant as we continue to see both SQLi (SQL injection) and XSS (cross site scripting) attacks hitting some of the most recognizable website and …
Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Loops Section Overview
Suggested Courses
Course of the Month11 days, 14 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question