Question

I get a very unhelpful SQL error from Railo when trying to do an insert. I think it has something to do with the :param values I am passing to it, because when I take these out and replace them with a simple string, it works.

Here's my code (which sits inside a CFC):

local.registerUserQuery = new query();
local.registerUserQuery.setDatasource("popwave");
local.registerUserQuery.setSQL("

    INSERT INTO users (

        userUUID,
        userName,
        userPassword,
        userEmail,
        userToken,
        userCreated,
        userBiography,
        userCommentPoints,
        userLinkPoints,
        userImageID,
        userRemoved,
        userCategoriesOwner,
        userCategoriesSubscribed

    )

    VALUES (

        '#createUUID()#' ,
        :userName ,
        :userPassword ,
        :userEmail ,
        '#local.token#' ,
        #createODBCDate(now())# ,
        '' ,
        0,
        0,
        0,
        0,
        0,
        0

    )

");

local.registerUserQuery.setName("registerUser");

local.registerUserQuery.addParam( name="userName", value="#arguments.userName#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userPassword", value="#arguments.userPassword#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userEmail", value="#arguments.userEmail#", cfsqltype="cf_sql_varchar" );

local.registerUserQuery.execute();

I cannot understand for the life of me why this is throwing an error! I need to be able to use :params.

Here's the Railo error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 49

Examining that line number does not seem to point to anything related. This query is on something like line 200! And, as mentioned earlier, the SQL seems to work when I replace these :param values.

Is there actually something I am doing wrong here? Pulling my hair out!

Thanks, Michael.

EDIT:

Forgot to mention, the Railo version is:

Railo 3.3.1.000 Error (database)

Solution

Sounds like you are experiencing issue RAILO-1281 which should be fixed in 3.3.1.005.

"RAILO-1281: When doing a query INSERT with CFScript "new query()" and using a cfqueryparam with addParam(), the end ")" is removed"

As an aside, you should use addParam for all of the dynamic values.

OTHER TIPS

Try this

local.registerUserQuery.setSQL(reReplace("

    INSERT INTO users (

        userUUID,
        userName,
        userPassword,
        userEmail,
        userToken,
        userCreated,
        userBiography,
        userCommentPoints,
        userLinkPoints,
        userImageID,
        userRemoved,
        userCategoriesOwner,
        userCategoriesSubscribed

    )

    VALUES (

        '#createUUID()#' ,
        :userName ,
        :userPassword ,
        :userEmail ,
        '#local.token#' ,
        #createODBCDate(now())# ,
        '' ,
        0,
        0,
        0,
        0,
        0,
        0

    )

", "\t|\n", " ", "all"));

Not sure if this is your problem, but it's a good idea to use addParam for all your variables, not just the SQL injection risks.

It ensures they are passed correctly with the correct formatting and also enforces a good habit. Maybe I'm wrong about this, but doesn't #createODBCDateTime# need to be inside single quotes for MySQL? addParam will do this stuff for you.
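The fully parameterized form that both answers recommend, as an added example (it is neither the poster's code nor Railo's own). It assumes the same popwave datasource, users table and CFC arguments as the question, and on the affected release it still needs the RAILO-1281 fix (3.3.1.005) named in the accepted answer.

```cfml
// Added example, not from the original post: every dynamic value is bound with
// addParam() so nothing is interpolated into the SQL text with #...#.
// Assumes the "popwave" datasource, "users" table and argument names from the question.
component {

    public void function registerUser(required string userName,
                                      required string userPassword,
                                      required string userEmail) {
        // Assumption: the question never shows where local.token comes from, so a
        // UUID stands in for it here.
        local.token = createUUID();

        local.q = new query();
        local.q.setDatasource("popwave");
        local.q.setName("registerUser");
        local.q.setSQL("
            INSERT INTO users (
                userUUID, userName, userPassword, userEmail, userToken, userCreated,
                userBiography, userCommentPoints, userLinkPoints, userImageID,
                userRemoved, userCategoriesOwner, userCategoriesSubscribed
            ) VALUES (
                :userUUID, :userName, :userPassword, :userEmail, :userToken, :userCreated,
                :userBiography, 0, 0, 0, 0, 0, 0
            )
        ");

        // Typed parameters: the driver quotes and escapes each value, so the date
        // no longer depends on hand-written quoting and user-supplied strings never
        // become part of the SQL statement itself.
        local.q.addParam(name="userUUID",      value=createUUID(),           cfsqltype="cf_sql_varchar");
        local.q.addParam(name="userName",      value=arguments.userName,     cfsqltype="cf_sql_varchar");
        local.q.addParam(name="userPassword",  value=arguments.userPassword, cfsqltype="cf_sql_varchar");
        local.q.addParam(name="userEmail",     value=arguments.userEmail,    cfsqltype="cf_sql_varchar");
        local.q.addParam(name="userToken",     value=local.token,            cfsqltype="cf_sql_varchar");
        local.q.addParam(name="userCreated",   value=now(),                  cfsqltype="cf_sql_timestamp");
        local.q.addParam(name="userBiography", value="",                     cfsqltype="cf_sql_varchar");

        local.q.execute();
    }
}
```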

Licensed under: CC-BY-SA with attribution