替换ColdFusion损坏SQL查询

我有下面的MySQL查询，它导致错误，错误也在下面。从数据库替换ColdFusion损坏SQL查询

SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
FROM sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id, auctioneers an, lookupcopy st, lookupcopy at 
'WHERE s.advertType > 0 
AND s.saleType > 0 
AND sl.region = "2" ' 
AND s.id = sd.saleId 
AND sl.saleId = s.id 
AND an.id = s.auctioneer 
AND st.id = s.saleType 
AND at.id = s.advertType 
GROUP BY id 
ORDER BY startDate, auctioneerName, city

SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
    FROM sales s LEFT JOIN saleloc sl ON sl.saleId = s.id LEFT JOIN saledates sd ON sd.saleLoc = sl.id, 
      auctioneers an, 
      lookupcopy st, 
      lookupcopy at 
    #replace(findWhere,"''","'","all")# AND 
    s.id = sd.saleId AND sl.saleId = s.id 
    AND an.id = s.auctioneer 
    AND st.id = s.saleType 
    AND at.id = s.advertType 
    GROUP BY id  
    ORDER BY startDate, auctioneerName, city

的错误，我没有写这个代码，我不知道为什么被使用的#Replace（）＃的，任何人都可以看到如何解决语法错误这是造成的？

来源

2010-12-20 i-CONICA

Before the query code, do a replace as follows: 

<cfset findWhere = Replace(findWhere, "''", "'", "ALL")# 
<cfif Left(findWhere, 1) EQ "'"> 
    <cfset findWhere = Right(findWhere, Len(findWhere) - 1)> 
</cfif> 
<cfif Right(findWhere, 1) EQ "'"> 
    <cfset findWhere = Left(findWhere, Len(findWhere) - 1)> 
</cfif> 

<cfquery name="qry" datasource="mysql"> 
SELECT DISTINCT s.id as id, s.auctioneer as auctioneer, s.advertType as advertType, s.saleType as saleType, an.name as auctioneerName, st.entryCopy as saleTypeName, at.entryCopy as advertTypeName, s.heading AS heading, sl.city AS city, sd.id AS sdId, sd.startDate AS startDate 
FROM sales s 
LEFT JOIN saleloc sl ON sl.saleId = s.id 
LEFT JOIN saledates sd ON sd.saleLoc = sl.id, 
     auctioneers an, 
     lookupcopy st, 
     lookupcopy at 
#findWhere# AND 
s.id = sd.saleId AND sl.saleId = s.id 
AND an.id = s.auctioneer 
AND st.id = s.saleType 
AND at.id = s.advertType 
GROUP BY id  
ORDER BY startDate, auctioneerName, city 
</cfquery>

来源

2010-12-20 16:48:22 eapen

此外，我不确定MySQL是否正确与双引号，您可能需要用双引号替换双引号围绕区域变量。 – eapen 2010-12-20 16:49:29

存储在findWhere中的值在字符串的开始和结尾包含单引号。

来源

2010-12-20 16:09:05 yfeldblum

嗨，谢谢。任何想法的补救措施？我如何解决这个问题？ – 2010-12-20 16:12:02

找出数据为什么会以这种方式来到你身边，并在适当的位置纠正这个问题（无论是“findWhere”还是潜在的上游）。 – yfeldblum 2010-12-20 22:24:30

另一个说明：除非您在没有任何直接用户输入值的情况下创建findWhere，否则您需要保护它。

更好地做到：

... 
WHERE 1= 1 
<cfif listFind('foo' , findWhere)> 
foo= 2 

<cfelseif listFind('bar' , findWhere)> 
bar= 209 

</cfif> 
...

来源

2010-12-20 16:28:14

嗨。你的回答让我完全困惑，我不是CF开发人员，在我们离开时我不得不试着解决这个问题。我的技能在其他地方。你能否详细说明一下？谢谢。 – 2010-12-20 16:34:34

在CF中使用来保护您的查询。其中s.id = – 2011-01-05 21:34:48

只是为了澄清，我不相信你可以在同一个查询做不同和一群以声明。

他们都做同样的事情，但由于不同的原因。

来源

2011-03-14 15:43:21 crosenblum

替换ColdFusion损坏SQL查询

回答

相关问题