How to Add an AND clause using the ListQUalify Function

Posted on 2014-02-16
Last Modified: 2014-02-23

   I'm trying to ad an "AND" clause to the code below.  In other words, the logic needs to be as follows:

        SELECT Field1, Field2
            FROM table1
          WHERE field1 IN (#listQualify(newList, "'")#)
              AND field2  IN ((#listQualify(newList, "'")#)  - (Can't get this one to work).

=========================START CODE  ============================

<cffunction name="getEngagementCommittee" access="public" returntype="any"><!---   Populate city based on the state we have selected --->  
            <cfargument name="getCodes" type="string" required="yes">
              <cfset resultSet="">  
                        <cfset newList = "">
                        <cfloop list="#getCodes#"    index="j" >
                                <cfset newList = listAppend(trim(j),newList,",")>                                
                    <cfquery name="resultSet"  datasource="#db.dbName#"  username="#db.dbUserName#" password="#db.dbPassword#">
 select committee_code code, committee_code||' - '||short_desc description ,short_desc
 from advance.committee_header
where committee_group_code in (#listQualify(newList, "'")#)  

NOTE: Below is where I need the AND clause.  It does NOT work.  I think SYNTAX issue.

     AND parent_committee_group IN (#listQualify(newList, "'")#)

order by short_desc

            <cfreturn resultSet>

=========================END CODE  ============================

 Thank you!
Question by:henderxe
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 39864416
Just split it like this:

<cffunction name="getEngagementCommittee" access="public" returntype="any"><!---   Populate city based on the state we have selected --->  
            <cfargument name="getCodes" type="string" required="yes">
              <cfset resultSet="">  
                        <cfset newList = "">
                        <cfloop list="#getCodes#"    index="j" >
                                <cfset newList = listAppend(trim(j),newList,",")>                                
<cfset newQualifiedLst = listQualify(newList, "'")>
                    <cfquery name="resultSet"  datasource="#db.dbName#"  username="#db.dbUserName#" password="#db.dbPassword#">
 select committee_code code, committee_code||' - '||short_desc description ,short_desc
 from advance.committee_header
where committee_group_code in (<cfqueryparam cfsqltype="cf_sql_varchar" value="#newQualifiedLst#" list="yes">)  

     AND parent_committee_group IN (<cfqueryparam cfsqltype="cf_sql_varchar" value="#newQualifiedLst#" list="yes">)

order by short_desc

            <cfreturn resultSet>

Open in new window

Ok, getCodes is coming as comma separated list, right

you are just adding the quotes around the list you having, correct me if i am wrong

if i am correct you can merge the listappend and listqualify in the single call inside the loop rather than doing it again after the loop.
LVL 16

Accepted Solution

Gurpreet Singh Randhawa earned 500 total points
ID: 39864425
also if you can show me what getCodes is coming as like dump the getcodes value and show me what value is coming, it might be some kind of single or double quote issue,
LVL 52

Expert Comment

ID: 39865178
(no points...)

Yeah, don't use #listQualify(newList, "'")# in queries. Aside from possibly causing syntax errors if the values contain quotes, it may also expose your database to sql injection.

As mentioned above, use <cfqueryparam> with the "list" attribute. That attribute tells the db to treat the input as a list of individual values, and eliminates the need for quoting. It should solve your issue.

Side note - don't forget to var scope ALL of the function local variables:  "j", "newList", "resultSet", etc....

Author Closing Comment

ID: 39881306
Tnank you for the solution, as well as all the other useful comments.


Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, I will be creating today a basic tutorial on how we can create a Mail Custom Function and use it where ever we want. The main advantage about creating a custom function is that we can accommodate a range of arguments to pass to the Function and …
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question