Solved

How to Add an AND clause using the ListQUalify Function

Posted on 2014-02-16
4
281 Views
Last Modified: 2014-02-23
Hello:

   I'm trying to ad an "AND" clause to the code below.  In other words, the logic needs to be as follows:

        SELECT Field1, Field2
            FROM table1
          WHERE field1 IN (#listQualify(newList, "'")#)
              AND field2  IN ((#listQualify(newList, "'")#)  - (Can't get this one to work).


=========================START CODE  ============================

<cffunction name="getEngagementCommittee" access="public" returntype="any"><!---   Populate city based on the state we have selected --->  
            <cfargument name="getCodes" type="string" required="yes">
              <cfset resultSet="">  
                        <cfset newList = "">
                        <cfloop list="#getCodes#"    index="j" >
                                <cfset newList = listAppend(trim(j),newList,",")>                                
                    </cfloop>
                    <cfquery name="resultSet"  datasource="#db.dbName#"  username="#db.dbUserName#" password="#db.dbPassword#">
 select committee_code code, committee_code||' - '||short_desc description ,short_desc
 from advance.committee_header
where committee_group_code in (#listQualify(newList, "'")#)  

NOTE: Below is where I need the AND clause.  It does NOT work.  I think SYNTAX issue.

     AND parent_committee_group IN (#listQualify(newList, "'")#)

order by short_desc

                </cfquery>    
            <cfreturn resultSet>
      </cffunction>

=========================END CODE  ============================

 Thank you!
0
Comment
Question by:henderxe
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 39864416
Just split it like this:

<cffunction name="getEngagementCommittee" access="public" returntype="any"><!---   Populate city based on the state we have selected --->  
            <cfargument name="getCodes" type="string" required="yes">
              <cfset resultSet="">  
                        <cfset newList = "">
                        <cfloop list="#getCodes#"    index="j" >
                                <cfset newList = listAppend(trim(j),newList,",")>                                
                    </cfloop>
<cfset newQualifiedLst = listQualify(newList, "'")>
                    <cfquery name="resultSet"  datasource="#db.dbName#"  username="#db.dbUserName#" password="#db.dbPassword#">
 select committee_code code, committee_code||' - '||short_desc description ,short_desc
 from advance.committee_header
where committee_group_code in (<cfqueryparam cfsqltype="cf_sql_varchar" value="#newQualifiedLst#" list="yes">)  

     AND parent_committee_group IN (<cfqueryparam cfsqltype="cf_sql_varchar" value="#newQualifiedLst#" list="yes">)

order by short_desc

                </cfquery>    
            <cfreturn resultSet>
      </cffunction>

Open in new window


Ok, getCodes is coming as comma separated list, right

you are just adding the quotes around the list you having, correct me if i am wrong


if i am correct you can merge the listappend and listqualify in the single call inside the loop rather than doing it again after the loop.
0
 
LVL 15

Accepted Solution

by:
Gurpreet Singh Randhawa earned 500 total points
ID: 39864425
also if you can show me what getCodes is coming as like dump the getcodes value and show me what value is coming, it might be some kind of single or double quote issue,
0
 
LVL 52

Expert Comment

by:_agx_
ID: 39865178
(no points...)

Yeah, don't use #listQualify(newList, "'")# in queries. Aside from possibly causing syntax errors if the values contain quotes, it may also expose your database to sql injection.

As mentioned above, use <cfqueryparam> with the "list" attribute. That attribute tells the db to treat the input as a list of individual values, and eliminates the need for quoting. It should solve your issue.

Side note - don't forget to var scope ALL of the function local variables:  "j", "newList", "resultSet", etc....
0
 

Author Closing Comment

by:henderxe
ID: 39881306
Tnank you for the solution, as well as all the other useful comments.

henderxe
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

PROBLEM: How to add your own buttons to the bottom toolbar with paging info ( result count ). While creating a cfgrid, I ran into an issue where I wanted to embed my own custom buttons where the default ones ( insert / delete / etc… ) are for aes…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now