cfqueryparam and "Invalid parameter binding(s)"

[GUJUm0deL]

Hey all, I'm getting this error message: "Invalid parameter binding(s)". I did a little google search on this, and it turn out this error occurs when one uses the <cfqueryparam> tag.

Is there a fix for this? I haven't been able to find one...yet. The only thing that worked for others is removing the <cfqueryparam> tag, and I'm kinda iffy about doing that (especially when I'm trying to force myself to use this wonderful tag). Any thoughts?

I'm afraid of leaving my client open to SQL injection. The query returns listing results based on the criteria the user entered.

Thanks!

____________________________________
Just Imagine.

http://www.imajinarts.com

 

[ecobb]

Why are you getting the error? What's causing it? How is this query different from other queries you've run with cfqueryparam?

It could be your database, what are you using? Is it the same thing you've used in the past? C'mon man, give us some info!

Hope This Helps!

ECAR
ECAR Technologies

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[GUJUm0deL]

ECAR, yeah, I suppose the code snippet might help,

<cfparam name="FORM.field6" default="">
<cfparam name="FORM.field7" default="">
<cfparam name="FORM.field8" default="">
<cfparam name="FORM.field19" default="">
<cfparam name="FORM.field10" default="">

<cfquery name="abc" datasource="#DB#">
SELECT	PrimaryKey_ID, UserID, field1, field2, field3, field4, field5, field6, field7, field8, field9, field10
FROM	table1
WHERE	field1 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field1#" maxlength="50" null="no"> AND
		field2 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field2#" maxlength="50" null="no"> AND
		field3 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field3#" maxlength="50" null="no"> AND
		field4 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field4#" maxlength="15" null="no"> AND
		field5 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field5#" maxlength="10" null="no"> AND
		( 	
		field6 = <cfqueryparam cfsqltype="cf_sql_varchar" value="#FORM.field6#" maxlength="15" null="#IIF(FORM.field6 EQ "", true, false)#"> OR
		field7 = <cfqueryparam cfsqltype="cf_sql_integer" value="#FORM.field7#" maxlength="4" null="#IIF(FORM.field7 EQ "", true, false)#"> OR
		field8 = <cfqueryparam cfsqltype="cf_sql_integer" value="#FORM.field8#" maxlength="4" null="#IIF(FORM.field8 EQ "", true, false)#"> OR
		field9 = <cfqueryparam cfsqltype="cf_sql_integer" value="#FORM.field9#" maxlength="4" null="#IIF(FORM.field9 EQ "", true, false)#"> OR
		field10 = <cfqueryparam cfsqltype="cf_sql_integer" value="#FORM.field10#" maxlength="4" null="#IIF(FORM.field10 EQ "", true, false)#">
		)		
</cfquery>

field1 = drop-down field (required)
field2 = drop-down field (required)
field3 = drop-down field (required)
field4 = drop-down field (required)
field5 = drop-down field (required)
field6 = checkbox field (optional, not required)
field7 = checkbox field (optional, not required)
field8 = checkbox field (optional, not required)
field9 = checkbox field (optional, not required)
field10 = checkbox field (optional, not required)

I tried many diff ways to get it to work. I also tried inserting just the required fields, and I still get the error message.

I am using MS SQL Server 2000.

____________________________________
Just Imagine.

http://www.imajinarts.com

 

[GUJUm0deL]

Any ideas?

____________________________________
Just Imagine.

http://www.imajinarts.com

 

[CTekMedia]

Make sure the cfsqltype is correct for each field - compare it to the database. Sometimes, depending on the DB used, the cfsqltype doesn't map properly - try some related types, e.g., clob instead of varchar etc.

Cheers,

Bluetone

 

[GUJUm0deL]

Bluetone, checked all that. Now it's working fine. Which makes me a bit uneasy as why it failed before.

____________________________________
Just Imagine.

http://www.imajinarts.com