Is it possible to pass stored proc result to another cfstoredproc in ColdFusion?
I would like to pass the stored proc result to another stored proc in ColdFusion. If anyone would be able to help on this.
<cfif not isDefined("getYN")>
<cfstoredproc procedure="stored_proc" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="getYN" resultset = "1">
</cfstoredproc>
</cfif>
<cfstoredproc procedure="sp_test" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="get" resultset = "2">
</cfstoredproc>
The above is the code example. In the second store proc, I am passing the result of 1st proc to the dbvarname sqlStatement of 2nd stored proc. But the passed value #getYN# should be query instead of result because I am using it for FROM clause. The 2nd stored proc in sql server is like below:
ALTER PROCEDURE [dbo].[sp_test]
@lang CHAR(5),
@code VARCHAR(20),
@sqlStatement nVARCHAR(max) = NULL
AS
BEGIN
SET NOCOUNT ON;
DECLARE @sSQL nVARCHAR(max)
SET @sSQL = ' SELECT col1
FROM '+ @sqlStatement +
' WHERE col2 = @lang
AND col3 = @code '
EXECUTE SP_EXECUTESQL @sSQL, N'@lang CHAR(5),
@code VARCHAR(20)', @lang, @code ;
SET NOCOUNT OFF;
END
In addition, the above two code is created from the below code to replace it with cfstoredproc instead of cfquery:
<cfif NOT isDefined("request.getYN")>
<cfquery name="request.getYN" datasource="#request.dsn.pqr#">
SELECT
LANGUAGE_CODE ,
YN_CODE ,
YN_DESCRIPTION
FROM
LANGUAGE_ALTS_YN
WHERE
language_code IN (
'EN','#this.lang#'
)
</cfquery>
</cfif>
<cfquery name="get" dbtype="query">
SELECT
yn_description
FROM
request.getYN
WHERE
language_code =
<cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
coldfusion coldfusion-2016 qoq
|
show 5 more comments
I would like to pass the stored proc result to another stored proc in ColdFusion. If anyone would be able to help on this.
<cfif not isDefined("getYN")>
<cfstoredproc procedure="stored_proc" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="getYN" resultset = "1">
</cfstoredproc>
</cfif>
<cfstoredproc procedure="sp_test" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="get" resultset = "2">
</cfstoredproc>
The above is the code example. In the second store proc, I am passing the result of 1st proc to the dbvarname sqlStatement of 2nd stored proc. But the passed value #getYN# should be query instead of result because I am using it for FROM clause. The 2nd stored proc in sql server is like below:
ALTER PROCEDURE [dbo].[sp_test]
@lang CHAR(5),
@code VARCHAR(20),
@sqlStatement nVARCHAR(max) = NULL
AS
BEGIN
SET NOCOUNT ON;
DECLARE @sSQL nVARCHAR(max)
SET @sSQL = ' SELECT col1
FROM '+ @sqlStatement +
' WHERE col2 = @lang
AND col3 = @code '
EXECUTE SP_EXECUTESQL @sSQL, N'@lang CHAR(5),
@code VARCHAR(20)', @lang, @code ;
SET NOCOUNT OFF;
END
In addition, the above two code is created from the below code to replace it with cfstoredproc instead of cfquery:
<cfif NOT isDefined("request.getYN")>
<cfquery name="request.getYN" datasource="#request.dsn.pqr#">
SELECT
LANGUAGE_CODE ,
YN_CODE ,
YN_DESCRIPTION
FROM
LANGUAGE_ALTS_YN
WHERE
language_code IN (
'EN','#this.lang#'
)
</cfquery>
</cfif>
<cfquery name="get" dbtype="query">
SELECT
yn_description
FROM
request.getYN
WHERE
language_code =
<cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
coldfusion coldfusion-2016 qoq
1
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
1
This is this notcodereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.
– James A Mohler
Nov 21 at 17:05
1
Adding a dynamicFROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for bothEXECUTE
andSELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?
– Shawn
Nov 21 at 19:52
|
show 5 more comments
I would like to pass the stored proc result to another stored proc in ColdFusion. If anyone would be able to help on this.
<cfif not isDefined("getYN")>
<cfstoredproc procedure="stored_proc" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="getYN" resultset = "1">
</cfstoredproc>
</cfif>
<cfstoredproc procedure="sp_test" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="get" resultset = "2">
</cfstoredproc>
The above is the code example. In the second store proc, I am passing the result of 1st proc to the dbvarname sqlStatement of 2nd stored proc. But the passed value #getYN# should be query instead of result because I am using it for FROM clause. The 2nd stored proc in sql server is like below:
ALTER PROCEDURE [dbo].[sp_test]
@lang CHAR(5),
@code VARCHAR(20),
@sqlStatement nVARCHAR(max) = NULL
AS
BEGIN
SET NOCOUNT ON;
DECLARE @sSQL nVARCHAR(max)
SET @sSQL = ' SELECT col1
FROM '+ @sqlStatement +
' WHERE col2 = @lang
AND col3 = @code '
EXECUTE SP_EXECUTESQL @sSQL, N'@lang CHAR(5),
@code VARCHAR(20)', @lang, @code ;
SET NOCOUNT OFF;
END
In addition, the above two code is created from the below code to replace it with cfstoredproc instead of cfquery:
<cfif NOT isDefined("request.getYN")>
<cfquery name="request.getYN" datasource="#request.dsn.pqr#">
SELECT
LANGUAGE_CODE ,
YN_CODE ,
YN_DESCRIPTION
FROM
LANGUAGE_ALTS_YN
WHERE
language_code IN (
'EN','#this.lang#'
)
</cfquery>
</cfif>
<cfquery name="get" dbtype="query">
SELECT
yn_description
FROM
request.getYN
WHERE
language_code =
<cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
coldfusion coldfusion-2016 qoq
I would like to pass the stored proc result to another stored proc in ColdFusion. If anyone would be able to help on this.
<cfif not isDefined("getYN")>
<cfstoredproc procedure="stored_proc" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="getYN" resultset = "1">
</cfstoredproc>
</cfif>
<cfstoredproc procedure="sp_test" datasource="#dsn#">
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@lang" type="in" value="#this.lang#"/>
<cfprocparam cfsqltype="cf_sql_varchar" dbvarname="@sqlStatement" type="in" value="#getYN#" null="#NOT len(trim(getYN))#" />
<cfprocresult name="get" resultset = "2">
</cfstoredproc>
The above is the code example. In the second store proc, I am passing the result of 1st proc to the dbvarname sqlStatement of 2nd stored proc. But the passed value #getYN# should be query instead of result because I am using it for FROM clause. The 2nd stored proc in sql server is like below:
ALTER PROCEDURE [dbo].[sp_test]
@lang CHAR(5),
@code VARCHAR(20),
@sqlStatement nVARCHAR(max) = NULL
AS
BEGIN
SET NOCOUNT ON;
DECLARE @sSQL nVARCHAR(max)
SET @sSQL = ' SELECT col1
FROM '+ @sqlStatement +
' WHERE col2 = @lang
AND col3 = @code '
EXECUTE SP_EXECUTESQL @sSQL, N'@lang CHAR(5),
@code VARCHAR(20)', @lang, @code ;
SET NOCOUNT OFF;
END
In addition, the above two code is created from the below code to replace it with cfstoredproc instead of cfquery:
<cfif NOT isDefined("request.getYN")>
<cfquery name="request.getYN" datasource="#request.dsn.pqr#">
SELECT
LANGUAGE_CODE ,
YN_CODE ,
YN_DESCRIPTION
FROM
LANGUAGE_ALTS_YN
WHERE
language_code IN (
'EN','#this.lang#'
)
</cfquery>
</cfif>
<cfquery name="get" dbtype="query">
SELECT
yn_description
FROM
request.getYN
WHERE
language_code =
<cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
coldfusion coldfusion-2016 qoq
coldfusion coldfusion-2016 qoq
edited Nov 26 at 16:40
James A Mohler
7,094123252
7,094123252
asked Nov 20 at 19:16
S M
6710
6710
1
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
1
This is this notcodereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.
– James A Mohler
Nov 21 at 17:05
1
Adding a dynamicFROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for bothEXECUTE
andSELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?
– Shawn
Nov 21 at 19:52
|
show 5 more comments
1
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
1
This is this notcodereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.
– James A Mohler
Nov 21 at 17:05
1
Adding a dynamicFROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for bothEXECUTE
andSELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?
– Shawn
Nov 21 at 19:52
1
1
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
1
1
This is this not
codereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.– James A Mohler
Nov 21 at 17:05
This is this not
codereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.– James A Mohler
Nov 21 at 17:05
1
1
Adding a dynamic
FROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for both EXECUTE
and SELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?– Shawn
Nov 21 at 19:52
Adding a dynamic
FROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for both EXECUTE
and SELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?– Shawn
Nov 21 at 19:52
|
show 5 more comments
1 Answer
1
active
oldest
votes
The second query really isn't a query. It can't be made into a stored procedure because it does not run on the database server. In other words dbtype="query"
is not on the DB server
Besides, you can just filter this data down.
Was
<cfquery name="get" dbtype="query">
SELECT yn_description
FROM
request.getYN
WHERE
language_code = <cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
Should be
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
});
Note: that code on my second line is not scoped. That is not a mistake.
For query filters see: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryfilter.html
Code based on comment
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
}).yn_description;
BTW: Unless the field are large text, varchar(max), or xml, It typically does matter if you are picking one or all
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53400018%2fis-it-possible-to-pass-stored-proc-result-to-another-cfstoredproc-in-coldfusion%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The second query really isn't a query. It can't be made into a stored procedure because it does not run on the database server. In other words dbtype="query"
is not on the DB server
Besides, you can just filter this data down.
Was
<cfquery name="get" dbtype="query">
SELECT yn_description
FROM
request.getYN
WHERE
language_code = <cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
Should be
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
});
Note: that code on my second line is not scoped. That is not a mistake.
For query filters see: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryfilter.html
Code based on comment
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
}).yn_description;
BTW: Unless the field are large text, varchar(max), or xml, It typically does matter if you are picking one or all
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
add a comment |
The second query really isn't a query. It can't be made into a stored procedure because it does not run on the database server. In other words dbtype="query"
is not on the DB server
Besides, you can just filter this data down.
Was
<cfquery name="get" dbtype="query">
SELECT yn_description
FROM
request.getYN
WHERE
language_code = <cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
Should be
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
});
Note: that code on my second line is not scoped. That is not a mistake.
For query filters see: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryfilter.html
Code based on comment
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
}).yn_description;
BTW: Unless the field are large text, varchar(max), or xml, It typically does matter if you are picking one or all
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
add a comment |
The second query really isn't a query. It can't be made into a stored procedure because it does not run on the database server. In other words dbtype="query"
is not on the DB server
Besides, you can just filter this data down.
Was
<cfquery name="get" dbtype="query">
SELECT yn_description
FROM
request.getYN
WHERE
language_code = <cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
Should be
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
});
Note: that code on my second line is not scoped. That is not a mistake.
For query filters see: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryfilter.html
Code based on comment
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
}).yn_description;
BTW: Unless the field are large text, varchar(max), or xml, It typically does matter if you are picking one or all
The second query really isn't a query. It can't be made into a stored procedure because it does not run on the database server. In other words dbtype="query"
is not on the DB server
Besides, you can just filter this data down.
Was
<cfquery name="get" dbtype="query">
SELECT yn_description
FROM
request.getYN
WHERE
language_code = <cfqueryparam cfsqltype="cf_sql_varchar" value="#this.lang#" />
AND yn_code = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#arguments.code#" />
</cfquery>
Should be
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
});
Note: that code on my second line is not scoped. That is not a mistake.
For query filters see: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryfilter.html
Code based on comment
get = request.getYN.filter(function () {
return (lang_code == this.lang && yn_code == code);
}).yn_description;
BTW: Unless the field are large text, varchar(max), or xml, It typically does matter if you are picking one or all
edited Nov 26 at 16:40
answered Nov 22 at 17:13
James A Mohler
7,094123252
7,094123252
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
add a comment |
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
Thank you so much. It helped me to get rid of inline sql statements.
– S M
Nov 26 at 15:55
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
But how to get the column value yn_description only instead of getting all the column values. Thanks again.
– S M
Nov 26 at 16:12
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53400018%2fis-it-possible-to-pass-stored-proc-result-to-another-cfstoredproc-in-coldfusion%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
If your stored procedure does not change any data, can you make a SQL function instead?
– James A Mohler
Nov 21 at 2:52
@JamesAMohler Yes, but I have to have store proc instead of function.
– S M
Nov 21 at 16:06
@Miguel-F I have updated the code. Thanks
– S M
Nov 21 at 16:17
1
This is this not
codereview.stackexchange.com
, but I hope you are aware that you are writing twice as much code and it will come out less secure. I suspect it will run slower too.– James A Mohler
Nov 21 at 17:05
1
Adding a dynamic
FROM
to a query can be very dangerous. At the very least, I would add in some kind of blacklisting to prevent access to system tables, or preferably whitelist to only allow the tables you intend a user to access. Or even better, take a deep look at user permissions for bothEXECUTE
andSELECT
. Also, are you able to combine the two stored procedures into another single sproc? What flavor and version of SQL?– Shawn
Nov 21 at 19:52