我需要添加條件到我的SQL查詢。我想出了這個解決方案,但它不起作用,我不知道爲什麼。CFScript中的動態SQL
local.platformId = arguments.platformId ? "AND platforms.id = #arguments.platformId#" : "";
local.pages = new Query(dataSource=variables.wheels.class.connection.datasource);
local.pages.setSQL
("
SELECT COUNT(games.id) AS totalRecords
FROM games
INNER JOIN platforms ON games.platformId = platforms.id
WHERE 0=0
:platform
");
local.pages.addParam(name="platform", cfsqltype="CF_SQL_VARCHAR", value=local.platformId);
local.pages = local.pages.execute().getResult();
我得到的錯誤:You have an error in your SQL syntax; check ... near ''AND platforms.id = 1' ''' at line 6
不知道如何繞過這個限制,並且仍然確保SQL注入安全?
如果我這樣做,而且也沒有指定平臺,什麼都不會回來了......因此,對於「其中0 = 0」 – Mohamad 2011-05-06 14:18:52
不夠公平,在這種情況下我會去與亞當的建議 – duncan 2011-05-09 09:30:28