Build dynamic coldfusion query with cfqueryparam
Posted on 2012-03-29
Coldfusion 8 SQL Server 2005
I have forms that submit multiple combinations of parameters. In the past I have
called a custom tag to keep appending critieria to build the criteria. This works fine but no cfqueryparam protection. Also The form is now going to pass parameters in url rather than form fields.
The custom tag used to work fine (without cfquerparm as below)
<CFIF Attributes.operator is 'EQUAL'> <CFSET Criteria = Criteria & " = '#Value#' ">
Now I have tried many different things to include cfqueryparam and cant get it to work
<CFSET Criteria = Criteria & " = " & "<cfqueryparam cfsqltype='CF_SQL_CHAR' value=" & '#value#' &">" >
When I do a test outpui it looks like this:
(Members.MembershipStatus = '' AND Members.ActiveInactive = '' AND Members.ArchiveFlag = ''
It used to be fine like this
(Members.MembershipStatus = 'paid' AND Members.ActiveInactive = 'active' AND Members.ArchiveFlag = 'No' ..... etc
I dont want to do massive if Isdefined statements as there are so many combinations of params that can be passed in. Thanks for your help