Question

I'm writing a subsystem whose tables might be renamed from project to project.

Instead of asking the user of my subsystem to search & replace before using it, does this work?

<cfquery name="local.foo" datasource="#dsn#">
  SELECT col1, col2, col3
  FROM #tableName#
</cfquery>

Without <cfqueryparam>, will it become non-cacheable? Or are there any other issues? (Assume SQL injection is not an issue.)

I don't think I can use <cfqueryparam> for a table name, right?

Thanks.


Solution

That'll work, sure. CF simply converts all variables to their values and sends the string to the database driver.

Be very, very careful, though. As you've implied, this could set you up for some nasty SQL injection.
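
One way to keep the interpolated table name safe, shown as an added example that is not part of the original answer: because <cfqueryparam> binds values and not identifiers, the table name is checked against an allowlist before it reaches the SQL string, while values still go through <cfqueryparam>. The function names, the allowlist entries, the minId argument and the assumption that col1 is an integer column are all hypothetical.

```cfml
<cfcomponent output="false">

  <!--- Added example. Hypothetical allowlist: in practice set once by the integrator, never from request input. --->
  <cfset variables.allowedTables = "foo,project_foo,foo_archive">

  <cffunction name="resolveTableName" access="private" returntype="string" output="false"
              hint="Returns the name only if it is a plain identifier and is on the allowlist.">
    <cfargument name="requested" type="string" required="true">

    <!--- Plain identifier only: no spaces, quotes, dots, semicolons or comment markers --->
    <cfif NOT reFind("^[A-Za-z_][A-Za-z0-9_]{0,63}$", arguments.requested)>
      <cfthrow type="Subsystem.InvalidTableName" message="Table name is not a plain identifier.">
    </cfif>

    <!--- Exact (case-insensitive) match against a configured entry --->
    <cfif NOT listFindNoCase(variables.allowedTables, arguments.requested)>
      <cfthrow type="Subsystem.InvalidTableName" message="Table name is not on the allowlist.">
    </cfif>

    <cfreturn arguments.requested>
  </cffunction>

  <cffunction name="getRows" access="public" returntype="query" output="false">
    <cfargument name="dsn" type="string" required="true">
    <cfargument name="tableName" type="string" required="true">
    <cfargument name="minId" type="numeric" required="true">

    <!--- Throws before any SQL is built if the name is not acceptable --->
    <cfset local.safeTable = resolveTableName(arguments.tableName)>

    <cfquery name="local.result" datasource="#arguments.dsn#">
      SELECT col1, col2, col3
      FROM #local.safeTable#
      WHERE col1 >= <cfqueryparam value="#arguments.minId#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfreturn local.result>
  </cffunction>

</cfcomponent>
```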

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow