mango blog

Trying Mango Blog on my Railo installation, I found at once a bug that involves the different ways that Railo and CF have to preserve the single quotes in SQL syntax where the SQL statement is represented by variables.

Mango Blog uses a class called QueryInterface, where most of the queries that collect data are executed and cached so as to speed up the next identical request.

The method used is this:

<code class="coldfusion">

<cffunction name="makeQuery" access="public" output="false" returntype="any">       
        <cfargument name="query" required="true" type="string">
        <cfargument name="cacheMinutes" required="false" type="numeric" default="-1">
        <cfargument name="returnResult" required="false" type="boolean" default="true">
       
        <cfset var customQuery = queryNew('id')/>
        <cfset var queryStatement = trim(arguments.query)>

        <cfif arguments.cacheMinutes GT -1 AND arguments.returnResult>
            <cfquery name="customQuery" datasource="#variables.datasource.name#"  username="#variables.datasource.username#" password="#variables.datasource.password#" cachedwithin="#createtimespan(0,0,arguments.cacheMinutes,0)#">
            #toString(queryStatement)#
            </cfquery>
        <cfelse>
            <cfquery name="customQuery" datasource="#variables.datasource.name#" username="#variables.datasource.username#" password="#variables.datasource.password#">
            #toString(queryStatement)#
            </cfquery>
        </cfif>
       
        <cfif arguments.returnResult>
            <cfreturn customQuery />
        </cfif>
       
    </cffunction>

</code>

As you can see, the SQL statement is held in the variable queryStatement.

To be sure that the essential single quotes are preserved, Railo adds a psq attribute:

<code class="coldfusion">
<cfquery name="q" datasource="dsn" psq="true">
.................

</code>

Since CF8 this code is also acceptable in ColdFusion, thanks to the added ability to pass an argumentcollection to most of the tags, where only the recognized attributes are evaluated while the others are skipped.

But I didn't want to lose CF7 compatibility (this will crash trying to evaluate the psq attribute), so I tried to use, also for Railo, the preserveSingleQuotes() function and, surprise... it is working just fine. According to the Railo docs, the "psq" attribute should be the safest way, but after about 2 weeks of running Mango with this change I am now convinced that preserveSingleQuotes() will serve us OK in this case.

<code class="coldfusion">
        <cfif arguments.cacheMinutes GT -1 AND arguments.returnResult>
            <cfquery name="customQuery" datasource="#variables.datasource.name#"  username="#variables.datasource.username#" password="#variables.datasource.password#" cachedwithin="#createtimespan(0,0,arguments.cacheMinutes,0)#">
            #preserveSingleQuotes(queryStatement)#
            </cfquery>
        <cfelse>
            <cfquery name="customQuery" datasource="#variables.datasource.name#" username="#variables.datasource.username#" password="#variables.datasource.password#">
            #preserveSingleQuotes(queryStatement)#
            </cfquery>
        </cfif>

</code>

In this way we keep full compatibility with CF7, CF8 and Railo too.
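
An added example, not Mango Blog's code and not part of the original post: preserveSingleQuotes() stops cfquery from escaping single quotes in the emitted variable, so any value concatenated into the statement reaches the database exactly as written. The block assumes a hypothetical `posts` query and `authorName` value, and uses a query of queries so it needs no datasource; it runs the concatenated form next to the same lookup bound with `cfqueryparam`.

```cfml
<!--- Added example: constructed data, runs as a query of queries (no datasource).
      "posts", "authorName" and "statement" are hypothetical names, not Mango Blog code. --->
<cfset posts = queryNew("id,author", "integer,varchar")>
<cfset queryAddRow(posts, 2)>
<cfset querySetCell(posts, "id", 1, 1)>
<cfset querySetCell(posts, "author", "O'Brien", 1)>
<cfset querySetCell(posts, "id", 2, 2)>
<cfset querySetCell(posts, "author", "Smith", 2)>

<!--- A value containing an apostrophe, e.g. taken from a form field --->
<cfset authorName = "O'Brien">

<!--- 1. makeQuery() style: the value is concatenated into the statement and the
         statement is emitted with preserveSingleQuotes(), so nothing escapes the
         apostrophe and it ends the string literal early. --->
<cfset statement = "SELECT id FROM posts WHERE author = '" & authorName & "'">
<cftry>
    <cfquery name="concatenated" dbtype="query">
    #preserveSingleQuotes(statement)#
    </cfquery>
    <cfset outcome = "rows: #concatenated.recordCount#">
    <cfcatch type="any">
        <cfset outcome = "statement rejected: #cfcatch.message#">
    </cfcatch>
</cftry>

<!--- 2. Same lookup with the value bound as a parameter: the apostrophe is data,
         never SQL text, so no quote handling is needed at all. --->
<cfquery name="bound" dbtype="query">
SELECT id FROM posts
WHERE author = <cfqueryparam value="#authorName#" cfsqltype="cf_sql_varchar">
</cfquery>

<cfoutput>
concatenated + preserveSingleQuotes(): #htmlEditFormat(outcome)#<br>
cfqueryparam: #bound.recordCount# row(s), id=#bound.id#
</cfoutput>
```

Because makeQuery() receives a finished SQL string, this check belongs in the code that builds the string before it is handed over.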

 


andreacfm