Building Dynamic SQL Statements

You can reference ColdFusion variables in SQL statements to dynamically filter the query result set at run-time. This is referred to as dynamic SQL statements.

For example, you may want to reference Form and URL variables in a SELECT statement to return a result set that is associated with a value that a user entered on an associated form page.

When writing dynamic SQL statements:

• Use the WHERE clause to reference the ColdFusion variable and its relationship to a particular column.
• Surround the variable in pound signs (#) to tell ColdFusion to replace the variablename with the its current value.
• Surround the entire variable reference with single quotes (') to tell the database that this value is a text value.

Dynamic SQL usage example

The action page code below retrieves database records whose LastName field match the value that users entered in the LastName form field - a form variable that passed to this action page when the user submitted a form:

SELECT FirstName, LastName, StartDate, Salary, Contract
FROM Employees
WHERE LastName= '#Form.LastName#'

If the user entered Allaire in the LastName form field, the SQL statement sent to the database at run-time would be:

SELECT FirstName, LastName, StartDate, Salary, Contract
FROM Employees
WHERE LastName= 'Allaire'

Note:

You will learn more about HTML forms and ColdFusion action pages in Chapter 7, Using Forms and Action Pages and more about generating dynamic SQL statements in Chapter 9, Building Search Interfaces.

Copyright © 1999, Allaire Corporation. All rights reserved.