“new query()”的 SQL 错误在 ColdFusion / Railo 脚本中
当我尝试插入时,我从 Railo 收到了一个非常无用的 SQL 错误。我认为这与我传递给它的 :param 值有关;当我把它们拿出来并用一个简单的字符串替换它们时,它就起作用了。
这是我的代码(位于 CFC 内):
local.registerUserQuery = new query();
local.registerUserQuery.setDatasource("popwave");
local.registerUserQuery.setSQL("
INSERT INTO users (
userUUID,
userName,
userPassword,
userEmail,
userToken,
userCreated,
userBiography,
userCommentPoints,
userLinkPoints,
userImageID,
userRemoved,
userCategoriesOwner,
userCategoriesSubscribed
)
VALUES (
'#createUUID()#' ,
:userName ,
:userPassword ,
:userEmail ,
'#local.token#' ,
#createODBCDate(now())# ,
'' ,
0,
0,
0,
0,
0,
0
)
");
local.registerUserQuery.setName("registerUser");
local.registerUserQuery.addParam( name="userName", value="#arguments.userName#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userPassword", value="#arguments.userPassword#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userEmail", value="#arguments.userEmail#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.execute();
我一生都无法理解为什么会抛出错误!我需要能够使用:param。
这是 Railo 错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 49
检查该行号似乎没有指向任何相关内容。该查询位于第 200 行!而且,如前所述...当我替换这些 :param 值时,SQL 似乎可以工作。
我真的在这里做错了什么吗?拔我的头发!
谢谢, 迈克尔.
编辑:
忘了提及,Railo 版本是:
Railo 3.3.1.000 Error (database)
I get a very unhelpful SQL error from Railo when trying to do an insert. I think it has something to do with the :param values I am passing to it; as when I take these out and replace them with a simple string, it works.
Here's my code (which sits inside a CFC):
local.registerUserQuery = new query();
local.registerUserQuery.setDatasource("popwave");
local.registerUserQuery.setSQL("
INSERT INTO users (
userUUID,
userName,
userPassword,
userEmail,
userToken,
userCreated,
userBiography,
userCommentPoints,
userLinkPoints,
userImageID,
userRemoved,
userCategoriesOwner,
userCategoriesSubscribed
)
VALUES (
'#createUUID()#' ,
:userName ,
:userPassword ,
:userEmail ,
'#local.token#' ,
#createODBCDate(now())# ,
'' ,
0,
0,
0,
0,
0,
0
)
");
local.registerUserQuery.setName("registerUser");
local.registerUserQuery.addParam( name="userName", value="#arguments.userName#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userPassword", value="#arguments.userPassword#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.addParam( name="userEmail", value="#arguments.userEmail#", cfsqltype="cf_sql_varchar" );
local.registerUserQuery.execute();
I cannot understand for the life of me why this is throwing an error! I need to be able to use :param's.
Here's the Railo error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 49
Examining that line number does not seem to point to anything related. This query is on something like line 200! And, as mentioned earlier...the SQL seems to work when I replace these :param values.
Is there actually something I am doing wrong here? Pulling my hair out!
Thanks,
Michael.
EDIT:
Forgot to mention, the Railo version is:
Railo 3.3.1.000 Error (database)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
听起来您遇到了问题 RAILO-1281 应该在 3.3 中修复.1.005。
顺便说一句,您应该对所有动态值使用
addParam。Sounds like you are experiencing issue RAILO-1281 which should be fixed in 3.3.1.005.
As an aside, you should use
addParamfor all of the dynamic values.试试这个
Try this
不确定这是否是您的问题,但最好对所有变量使用 addParam,而不仅仅是 sql 注入风险。
它确保它们以正确的格式正确传递,并强制养成良好的习惯。也许我错了,但是
#createODBCDateTime#不需要在 mySql 的单引号内吗? addParam 会为你做这些事情。Not sure if this is your problem, but it's a good idea to use addParam for all your variables, not just the sql Injection risks.
It ensures they are passed correctly with the correct formatting and also enforces a good habit. Maybe I'm wrong about this, but doesn't
#createODBCDateTime#need to be inside single quotes for mySql? addParam will do this stuff for you.