I’m running Coldfusion8/MySQL 5.0.88 and have a search whose results I need to sort ASC/DESC depending on user settings.
If I run this query inside MySQL, it works:
SELECT a.*
FROM artikelstammdaten a
WHERE a.aktiv = "ja"
AND a.firma LIKE '%test_comp%'
GROUP BY a.iln, a.artikelnummer, a.preis_aktuell, a.artikelbezeichnung
HAVING sum(a.bestand) != 0 OR (a.nos = "ja" AND a.nos_anzeige = "ja")
ORDER BY a.preis_aktuell ASC
LIMIT 0, 24
This produces the expected result running in MySQL. But if I do this in Coldfusion:
<cfquery datasource="db" name="results">
SELECT a.*
FROM artikelstammdaten a
WHERE a.aktiv = "ja"
<cfif LOCAL.search.s_firma neq "" AND LOCAL.search.s_firma neq "Default">
AND a.firma LIKE <cfqueryparam value="%#LOCAL.search.s_firma#%" cfsqltype="cf_sql_varchar">
</cfif>
GROUP BY a.iln, a.artikelnummer, a.preis_aktuell, a.artikelbezeichnung
HAVING sum(a.bestand) != 0 OR (a.nos = "ja" AND a.nos_anzeige = "ja")
ORDER BY <cfqueryparam value="#variables.sortierung#" cfsqltype="cf_sql_varchar"> <cfqueryparam value="#variables.sortierung2#" cfsqltype="cf_sql_varchar" maxlength="4">
LIMIT <cfqueryparam value="#variables.first#" cfsqltype="cf_sql_numeric">, <cfqueryparam value="#variables.last#" cfsqltype="cf_sql_numeric">
</cfquery>
It just lists results without any order..
Question:
Any idea what I’m doing wrong and how to get the sorting straight?
Thanks!
Solution:
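<!--- Allow lists: sortable columns and sort directions are checked separately --->
<cfset variables.allowSort = "all_columns_names_that_are_ok,seperated_by_comma">
<cfset variables.allowDir = "ASC,DESC">
<cfif listfindnocase(variables.allowSort, variables.sortierung, ",") EQ 0
   OR listfindnocase(variables.allowDir, variables.sortierung2, ",") EQ 0>
ORDER BY a.artikelnummer DESC
<cfelse>
ORDER BY #variables.sortierung# #variables.sortierung2#
</cfif>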
So in case the submitted values for either sorting column or sorting direction do not match the allow list, I’m using default sorting criteria, otherwise the submitted values.
You can’t use <cfqueryparam ...> in ORDER BY. More information on this topic can be found in this blog post by Michael Sharman.
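The following is an added example, not code from the original post: it shows why a bound parameter in ORDER BY has no sorting effect, next to an allow-listed ORDER BY that keeps LIMIT values bound. It uses Python with an in-memory sqlite3 database standing in for MySQL; the function names, the two-column table and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (artikelnummer, preis_aktuell); not data from the page.
ROWS = [("A3", 30.0), ("A1", 10.0), ("A4", 20.0), ("A2", 40.0)]

# Submitted values are only used as lookup keys; the SQL text comes from these maps.
ALLOWED_COLUMNS = {"artikelnummer": "a.artikelnummer",
                   "preis_aktuell": "a.preis_aktuell"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
DEFAULT_ORDER = "a.artikelnummer DESC"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artikelstammdaten "
               "(artikelnummer TEXT, preis_aktuell REAL)")
    db.executemany("INSERT INTO artikelstammdaten VALUES (?, ?)", ROWS)
    return db


def order_clause(column, direction):
    """Build ORDER BY from allow-listed fragments, else fall back to the default."""
    col = ALLOWED_COLUMNS.get(str(column).lower())
    dirn = ALLOWED_DIRECTIONS.get(str(direction).lower())
    if col is None or dirn is None:
        return "ORDER BY " + DEFAULT_ORDER
    return f"ORDER BY {col} {dirn}"


def search_bound(db, column):
    """Bind the column name as a value: the database sees a string constant,
    not an identifier, so every row compares equal and nothing is sorted."""
    sql = "SELECT a.artikelnummer FROM artikelstammdaten a ORDER BY ?"
    return [row[0] for row in db.execute(sql, (column,))]


def search_allowlisted(db, column, direction, first=0, count=24):
    """Sort fragments come from the allow list; LIMIT values stay bound."""
    sql = ("SELECT a.artikelnummer FROM artikelstammdaten a "
           f"{order_clause(column, direction)} LIMIT ?, ?")
    return [row[0] for row in db.execute(sql, (int(first), int(count)))]


if __name__ == "__main__":
    db = make_db()
    print(search_bound(db, "preis_aktuell"))
    print(search_allowlisted(db, "preis_aktuell", "ASC"))
```

Mapping the submitted value to a fixed fragment, rather than interpolating the submitted string after checking it, means no request text ever reaches the SQL statement.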