Multiple queries with CFMX-MySQL JDBC connector

Posted At : February 10, 2008 10:32 AM | Posted By : Mark Lynch
Related Categories: Database, ColdFusion, mysql

I found a little snippet the other day and included it in the tail end of a previous post - however, on reflection I thought it deserved a post of it's own.

If you want to utilise multiple queries per sql statement and you are using the MYSQL JDBC connector you need to add the following to your jdbc connector querystring.

allowMultiQueries=true

So you querystring would look like:

jdbc:mysql://127.0.0.1:3306/mydbname?allowMultiQueries=true

This will allow you to do queries like the following to return autoincrement values:

<cfquery name="qInsert" datasource="mydsn">
INSERT INTO tbl_demo (name)
VALUES ( <cfqueryparam value="#myName#">);
SELECT last_insert_id() as newID
</cfquery>
<cfoutput>ID of value is: #qInsert.newID#</cfoutput>

Please note however that this functionality is disabled as it can leave the door open for SQL Injection attacks. However, as long as you always use cfqueryparam for all the dynamic parts of your query you will be fine.

Comments (3) | del.icio.us | Linking Blogs

Related Blog Entries

MySQL 5.1 logging changes - Log to DB and runtime config (January 28, 2010)
Apache Deflate Howto (November 15, 2009)
Identifying which queries to tune with MSSQL (February 4, 2009)
Non-case sensitive filesystem on Linux - HOWTO (February 2, 2009)
Loading MySQL timezone info on Linux and Macs (September 8, 2008)
PHP and MySQL 5 bit fields (August 25, 2008)
CF Sandbox Security Tricks and Tips (August 13, 2008)
"Show Full Columns" problem with CFMX and MySQL solved (June 1, 2008)
CF 7.0.2 Cumulative Hotfix 2 breaks MySQL Multiple Queries (April 23, 2008)
CFMX - SOAP vs REST benchmarks (March 13, 2008)
CFMX Mysql Query String for UTF8 and Multiple Queries (February 7, 2008)

Comments

If you allow multiple queries, are you setting yourself up for SQL injection?

# Posted By tsammons | 2/11/08 11:59 AM

Hi tsammons,
Yes and No - you are opening a potential way that sql injection queries can happen, by appending a semi-colon and writing a new query. But if you are correctly using cfqueryparam's in all your queries then it won't happen.

And conversely by not allowing multiple queries, you are not protecting yourself from all potential SQL injection's attacks.
Cheers,
Mark

# Posted By Mark Lynch | 2/11/08 12:34 PM

Brill -This looks like this can reduce the need for a CFLOCK or CFTRANSACTION around an insert while we write the record and then retrieve the new ID.

Additionally, bulk insertion of data should be quicker too.

Thanks

Martin

# Posted By Martin Parry | 2/15/08 9:54 AM

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Enter your email address to subscribe to this blog.

Archives By Subject

Actionscript (20) [RSS]
AIR (18) [RSS]
Asterisk (7) [RSS]
ColdFusion (66) [RSS]
Contact (1) [RSS]
CSS (4) [RSS]
Database (12) [RSS]
Farcry (3) [RSS]
Flex (32) [RSS]
Gadgets (15) [RSS]
General (24) [RSS]
HOWTO (31) [RSS]
iPhone (2) [RSS]
Java (16) [RSS]
Javascript (2) [RSS]
Jobs (9) [RSS]
Learnosity (8) [RSS]
Linux (50) [RSS]
Mac OSX (8) [RSS]
mysql (11) [RSS]
Nibbler (2) [RSS]
Open Source (69) [RSS]
PHP (7) [RSS]
Railo (6) [RSS]
SMS (1) [RSS]
Software Architecture (10) [RSS]
Systems admin (49) [RSS]
Ubuntu (48) [RSS]
VMWare (2) [RSS]
Windows (12) [RSS]
XMPP (1) [RSS]