显然coldfusion不喜欢一个查询中有多个sql语句…原来是这样的:
SET @sender_user_id = 3, @recipient_user_id = 5;
INSERT INTO messages (message_type, sender_id, message_title, message_content)
VALUES(3, @sender_user_id, 'One more thing...', 'I am testing this message');
SET @saved_message_id = LAST_INSERT_ID();
INSERT INTO message_recipient (message_id, user_id)
VALUES(@saved_message_id, @recipient_user_id);
INSERT INTO message_status (message_id, user_id, is_read, read_datetime, is_deleted, deleted_datetime)
VALUES (@saved_message_id, @recipient_user_id, 0, NULL, 0, NULL);
变成这样:
<cftransaction>
<cfquery name="insertMessage" dataSource="mySource">
SET @sender_user_id = 3, @recipient_user_id = 5;
</cfquery>
<cfquery name="insertMessage2" dataSource="mySource">
INSERT INTO messages (message_type, sender_id, message_title, message_content)
VALUES(3, @sender_user_id, '#params.message_title#', '#params.message_content#');
</cfquery>
<cfquery name="insertMessage3" dataSource="mySource">
SET @saved_message_id = LAST_INSERT_ID();
</cfquery>
<cfquery name="insertMessage4" dataSource="mySource">
INSERT INTO message_recipient (message_id, user_id)
VALUES(@saved_message_id, @recipient_user_id);
</cfquery>
<cfquery name="insertMessage5" dataSource="mySource">
INSERT INTO message_status (message_id, user_id, is_read, read_datetime, is_deleted, deleted_datetime)
VALUES (@saved_message_id, @recipient_user_id, 0, NULL, 0, NULL);
</cfquery>
</cftransaction>
这很管用…但我想知道有没有什么冷的东西我不知道。否则,这就行了。
最佳答案
在ColdFusion管理中,转到数据源定义表单并将“allowMultiQueries=true”添加到连接字符串框中。完成此操作后,可以在单个cfquery标记中传递多个分号分隔的查询。只需确保使用cfqueryparam来筛选sql注入攻击。