ColdFusion query
Anytime I'm using a query I need to log into the database (as I don't have ODBC set up to do it):
<cfquery name="rsUser" datasource="dbname" username="admin" password="adminpass">
SELECT *
FROM dbo.UsersView
WHERE UserID = #session.userid#
</cfquery>
The part I don't like is having the username and password visible every time I make a query. I could use a #parameter#
but that is only a small improvement. Any other ideas short of setting up the ODBC on the server?
Comments (2)
If you are using a datasource, you don't need to supply the username and password; they are provided when you set up the datasource. If you don't set up a datasource in the CF Administrator, then you have to use the username and password attributes, but you'd also have to supply the db server information as well.
So, in short, just pull out your username and password and you should be fine.
Also, it is best practice to use cfqueryparam for values passed into your query (in this case, session.userid). cfqueryparam not only helps protect you against security issues like SQL injection attacks, it also tells the db server to create a prepared statement which will be reused in subsequent calls of the query and thus will increase performance of your queries.
Sometimes people don't like to put their username and password into the CF Admin, and there is a simple way around that, which is to put your datasource information in the Application.cf(c|m).
If using Application.cfm just do the following somewhere in the Application.cfm
If using Application.cfc place the same code into your onApplicationStart method. Then in your query just use the following
As you can see this makes your code nice and easy to manage and if your DSN changes you only have to change it in one place.
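
The two answers combined, as an added example that is not code from either answer: the connection settings are set once in Application.cfc and the query binds session.userid with cfqueryparam. The names application.dsn, application.dsnUser and application.dsnPass, the environment variables APP_DB_USER and APP_DB_PASS, the file name user.cfm and the integer type of UserID are assumptions.

```cfml
<!--- Application.cfc (added example; variable and environment names are assumptions) --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">
    <cfset this.sessionManagement = true>

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <!--- Read the credentials from the server environment so they never sit in source files --->
        <cfset var env = createObject("java", "java.lang.System")>
        <cfset application.dsn = "dbname">
        <cfset application.dsnUser = env.getenv("APP_DB_USER")>
        <cfset application.dsnPass = env.getenv("APP_DB_PASS")>

        <!--- getenv() returns a Java null for an unset variable, which leaves the key undefined.
              Stop at startup instead of failing on the first query. --->
        <cfif NOT structKeyExists(application, "dsnUser") OR NOT structKeyExists(application, "dsnPass")>
            <cfthrow type="Config.MissingCredentials"
                     message="APP_DB_USER and APP_DB_PASS must be set for this application">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>

<!--- user.cfm (separate file): the query from the question, with no literal credentials --->
<cfquery name="rsUser" datasource="#application.dsn#"
         username="#application.dsnUser#" password="#application.dsnPass#">
    SELECT *
    FROM dbo.UsersView
    <!--- Bound parameter: the value is sent as typed data, not concatenated into the SQL text --->
    WHERE UserID = <cfqueryparam value="#session.userid#" cfsqltype="cf_sql_integer">
</cfquery>
```

If the datasource is defined in the CF Administrator with its own credentials, the username and password attributes on cfquery can be dropped, as the first answer says.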