CFQuery Questions

Hi All, Getting more knowledge of CF. I have questions on CFQuery and URL Parameters. Is the following code right: <!---give a default value to avoid error---> <cfparam name="URL.queryName" default=""> <!---scope out if it is not null---> <cfif isdefined("URL.queryName") and #URL.queryName# NEQ "">     <!--- Query the Content table from MySQL to get the content we are to display --->          <CFSET theSQL="SELECT queryName, title, content FROM content WHERE queryName = " #URL.queryName# >              <cfquery name="getContent" datasource="#application.dsn#">#theSQL# </cfquery>          <!--- for testing only --->     <CFOUTPUT>#theSQL#</CFOUTPUT>               <cfif getContent.recordCount EQ 1>        <!--- we have records --->                      <cfoutput query="getContent">            #content#         </cfoutput>     <cfelse>        <!--- we dont have any data so error --->            NO DATA     </cfif> </cfif> I get CF Construct errors and I know it is due to the CFSet statement, but I don¹t see how to do it correct. Advice? -Jason

Immediate error I see: >    <CFSET theSQL="SELECT queryName, title, content FROM content WHERE > queryName = " #URL.queryName# > Should be >    <CFSET theSQL="SELECT queryName, title, content FROM content WHERE > queryName = '#URL.queryName#' " > But once you have that working, check out the ColdFusion docs on   cfqueryparam or you're gonna get hacked. Google "sql injection attack". Best Wishes, Peter On Jan 9, 2009, at 5:55 PM, J. Todd Slack-Moehrle wrote: ----- Excess quoted text cut - see Original Post for more -----

Oh, and you might want to choose cf talk for these questions - this   list is for questions relating to Mac computers and CF On Jan 9, 2009, at 5:55 PM, J. Todd Slack-Moehrle wrote: ----- Excess quoted text cut - see Original Post for more -----

Thanks for the advice Peter. I appreciate it. -Jason On 1/9/09 3:00 PM, "Peter Bell" <pbell@systemsforge.com> wrote: ----- Excess quoted text cut - see Original Post for more -----