在coldfusion函数中使用sql查询的正确方法是什么

Question

我有这段代码可以将变量传递给函数并插入它。但我收到错误：

<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="struct">
    <cfargument name="name" type="string" required="true" />
    <cfargument name="email" type="string" required="false" default="" />
    <cfargument name="office_phone" type="string" required="false" default="" />
    <cfargument name="mobile_phone" type="string" required="false" default="" />
    <cfargument name="designation" type="string" required="false" default="" />

    <cfset var res = '' />

    <cfquery datasource="#session.dsn_aset#" result="res">
        INSERT INTO `supplier_personnel_incharge` (
            `name`,
            `email`,
            `office_phone`,
            `mobile_phone`,
            `designation`
        )
        VALUES
        (
            cfargument.name,
            cfargument.email,
            cfargument.office_phone,
            cfargument.mobile_phone,
            cfargument.designation
        ) ;
    </cfquery>

    <cfreturn res />
</cffunction>

<cfset res = insertSupplierPersonnel(name='#form.personnel_name#', email='#form.personnel_email#', office_phone='#form.personnel_office_phone#', mobile_phone='#form.personnel_mobile_phone#', designation='#form.personnel_designation#') />

<cfdump  var="#res#">

我收到此错误：

cfargument.name 有问题。使用cfargument 进行插入查询的正确方法是什么？提前致谢。

Answer 1

首先，正确的范围是arguments，而不是cfargument。所以，改变这种事情：

cfargument.name,

到这里：

arguments.name,

接下来，您必须用井号将变量名括起来以获取变量的值，即#arguments.name#。

接下来，使用查询参数，即<cfqueryparam value="#arguments.name#">。除其他外，它们将转义 SQL 查询语法中使用的特殊字符。

Answer 2

总结以上所有正确答案和cmets。这将是您的最佳做法：

• 函数returnType 应该是“查询”，而不是“结构”
• 如果您指定 default 值，CF 会将参数识别为“不需要”
• 对所有查询参数使用cfqueryparam

可选

• 如果没有给定值，请使用cfqueryparam 的null 属性插入NULL
• 您不需要在 sql 语句的末尾使用分号

---

<!---return type is query, not struct --->
<cffunction name="insertSupplierPersonnel" output="false" access="public" returnType="query">
    <cfargument name="name" type="string" required="true" />
    <!--- NOTE: If you specify a default value, CF recognizes the argument as "not required" --->
    <cfargument name="email" type="string" default="" />
    <cfargument name="office_phone" type="string" default="" />
    <cfargument name="mobile_phone" type="string" default="" />
    <cfargument name="designation" type="string" default="" />

    <cfquery datasource="#session.dsn_aset#" result="local.data">
        INSERT INTO supplier_personnel_incharge (
            name, /*Unless your database column names are case-sensitive, you don't need quotation marks around the column names*/
            email,
            office_phone,
            mobile_phone,
            designation
        )
        VALUES
        (
            <cfqueryparam cfsqltype="cf_sql_varchar" value="#trim(arguments.name)#">,
            /*insert NULL if there is no value given*/
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.email))#" value="#trim(arguments.email)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.office_phone))#" value="#trim(arguments.office_phone)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.mobile_phone))#" value="#trim(arguments.mobile_phone)#">,
            <cfqueryparam cfsqltype="cf_sql_varchar" null="#Not Len(trim(arguments.designation))#" value="#trim(arguments.designation)#">,
        ) /*you don't need a trailing semi-colon*/
    </cfquery>

    <cfreturn local.data />
</cffunction>

<cfset local.res = insertSupplierPersonnel(name='#form.personnel_name#',
    email='#form.personnel_email#', 
    office_phone='#form.personnel_office_phone#', 
    mobile_phone='#form.personnel_mobile_phone#', 
    designation='#form.personnel_designation#') />

<cfdump var="#local.res#">