Hi there Running on SA 16.0.0.1915 using jConn4: The Error caused by this simple thing (code is coldfusion, #...# will be replaced by it before SA sees it):
Note that this works where I have only ONE parameter with the same name. Set the commented WHERE clause to the same expression as above i.e. using the same parameter again, SA chokes. Very annoying because embedding parameters literally bypasses parameter checks for all the web-related cheating like sql injection etc. etc. luckily again, having it at least for one parameter working, still prevents the script. Hints to fix that are very welcome. Tinu |
Read this doc page: http://dcx.sybase.com/index.html#sa160/en/dbusage/ptib.html*d5e5480 Host variable references are permitted within batches with the following restrictions:
There are massive behavior changes in this area from SA12x to SA16 ... I have productive applications out there which do lots of batch stuff in SA12 ... I have to rewrite almost all of them to work in SA16 ... and this stuff is not mentioned in chapters "Behavior changes in SA16" in the docs AFAIK.
(09 Jun '14, 08:00)
Tinu8805
Replies hidden
According to SA12 documentation, there is no change with regard to host variable restrictions. See http://dcx.sybase.com/index.html#1201/en/dbusage/ptib.html.
(09 Jun '14, 11:45)
JBSchueler
|
Is the statement wrapped between If yes, use
and not embedded sql host variables like your comment does not apply here. the whole statement is q = new query(); the_sql = "..... all the above ...."; q.setSQL (the_sql); q.addParam (name="uh", value=arguments.User_Hash, cfsqltype="CF_SQL_VARCHAR"); res = q.execute().getResult().SESSION_KEY; i have done such things a million times .. I assume a simple programming bug: some intermediate piece of software (SA, jConn) calculates: find parameter names and occurrences in sql, compare count with count of input parameters, if not equal ... and voila, it breaks
(29 May '14, 09:52)
Tinu8805
@tinu8805 So you're using cfscript... Did you do a dump of the generated SQL and run it in ISQL? Also, I'm not sure you can run a compound statement of the sort in CF. You could break it down in 2 queries between transaction functions. Or use a stored proc.
(29 May '14, 10:40)
Vincent Buck
|