coldfusion - bind a form to the database
I have a large table which inserts data into the database. The problem is when the user edits the table I have to:
- run the query
- use lots of lines like
value="<cfoutput>getData.firstname#</cfoutpu开发者_C百科t>
in the input boxes.
Is there a way to bind the form input boxes to the database via a cfc or cfm file?
Many Thanks,
R
Query objects include the columnList, which is a comma-delimited list of returned columns.
If security and readability aren't an issue, you can always loop over this. However, it basically removes your opportunity to do things like locking certain columns, reduces your ability to do any validation, and means you either just label the form boxes with the column names or you find a way to store labels for each column.
You can then do an insert/update/whatever with them.
I don't recommend this, as it would be nearly impossible to secure, but it might get you where you are going.
If you are using CF 9 you can use the ORM (Object Relation Management) functionality (via CFCs) as described in this online chapter https://www.packtpub.com/sites/default/files/0249-chapter-4-ORM-Database-Interaction.pdf (starting on page 6 of the pdf)
Take a look at <cfgrid>
, it will be the easiest if you're editing table and it can fire 1 update per row.
For security against XSS, you should use <input value="#xmlFormat(getData.firstname)#">
, minimize # of <cfoutput>
tags. XmlFormat()
not needed if you use <cfinput>
.
If you are looking for an easy way to not have to specify all the column names in the insert query cfinsert will try to map all the form names you submit to the database column names.
http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7c78.html
This is indeed a very good question. I have no doubt that the answers given so far are helpful. I was faced with the same problem, only my table does not have that many fields though.
Per the docs EntityNew()
the syntax shows that you can include the data when instantiating the object:
artistObj = entityNew("Artists",{FirstName="Tom",LastName="Ron"});
instead of having to instantiate and then add the data field by field. In my case all I had to do is:
artistObj = entityNew( "Artists", FORM );
EntitySave( artistObj );
ORMFlush();
NOTE It does appear from your question that you may be running insert or update queries. When using ORM you do not need to do that. But I may be mistaken.
精彩评论