Passes queries or SQL statements to a data source.
Macromedia recommends that you use the cfqueryparam tag within every cfquery tag, to help secure your databases from unauthorized users. For more information, see Security Bulletin ASB99-04, "Multiple SQL Statements in Dynamic Queries," in the Macromedia Security Zone, www.macromedia.com/devnet/security/security_zone/asb99-04.html, and Accessing and Retrieving Data in ColdFusion MX Developer's Guide.
<cfquery
name = "query_name"
dataSource = "ds_name"
dbtype = "query"
username = "username"
password = "password"
maxRows = "number"
blockFactor = "blocksize"
timeout = "seconds"
cachedAfter = "date"
cachedWithin = "timespan"
Either of the following:
debug = "yes" or "no"
or:
debug
>
result = "result_name"
</cfquery>
cfinsert, cfprocparam, cfprocresult, cfqueryparam, cfstoredproc, cftransaction, cfupdate; Optimizing database use in Designing and Optimizing a ColdFusion Application and Chapters 19-22 in ColdFusion MX Developer's Guide
ColdFusion MX 7:
result attribute for specifying an alternate name for the structure that holds the result variables.
sql), the number of records returned (recordcount), whether the query was cached (cached), an array of cfqueryparam values (sqlparameters), and the list of columns in the returned query (columnlist).
ColdFusion MX:
connectString, dbName, dbServer, provider, providerDSN, and sql attributes, and all values of the dbtype attribute except query. They do not work, and might cause an error, in releases later than ColdFusion 5.
cfquery.ExecutionTime.
| Attribute | Req/Opt | Default | Description |
|---|---|---|---|
|
name |
Required |
|
Name of query. Used in page to reference query record set. Must begin with a letter. Can include letters, numbers, and underscores. |
|
dataSource |
Required unless dbtype=query. |
|
Name of data source from which query gets data. You must specify either |
|
dbtype |
Optional |
|
Use this value to specify the results of a query as input. You must specify either |
|
username |
Optional |
|
Overrides username in data source setup. |
|
password |
Optional |
|
Overrides password in data source setup. |
|
maxRows |
Optional |
-1 (All) |
Maximum number of rows to return in record set. |
|
blockFactor |
Optional |
1 |
Maximum rows to get at a time from server. Range: 1 - 100. Might not be supported by some database systems. |
|
timeout |
|
|
Maximum number of seconds that each action of a query is permitted to execute before returning an error. The cumulative time may exceed this value. For JDBC statements, ColdFusion sets this attribute. For other drivers, check driver documentation. |
|
cachedAfter |
Optional |
|
Date value (for example, April 16, 1999, 4-16-99). If date of original query is after this date, ColdFusion uses cached query data. To use cached data, current query must use same SQL statement, data source, query name, user name, password. A date/time object is in the range 100 AD-9999 AD. When specifying a date value as a string, you must enclose it in quotation marks. |
|
cachedWithin |
Optional |
|
Timespan, using the To use cached data, the current query must use the same SQL statement, data source, query name, user name, and password. |
|
debug |
Optional; value and equals sign may be omitted |
|
|
|
result |
Optional |
|
Specifies a name for the structure in which |
Use this tag to execute a SQL statement against a ColdFusion data source. Although you can use the cfquery tag to execute any SQL Data Definition Language (DDL) or Data Manipulation Language (DML) statement, you typically use it to execute a SQL SELECT statement.
Note: To call a stored procedure, use the cfstoredproc tag.
This tag creates a query object, providing this information in query variables:
| Variable name | Description |
|---|---|
query_name.currentRow |
Current row of query that |
query_name.columnList |
Comma-delimited list of the query columns. |
query_name.RecordCount |
Number of records (rows) returned from the query. |
The cfquery tag also returns the following result variables in a structure. You can access these variables with a prefix of the name you specified in the result attribute. For example, if you assign the name myResult to the result attribute, you would retrieve the name of the SQL statement that was executed by accessing #myResult.sql#. The result attribute provides a way for functions or CFCs that are called from multiple pages, possibly at the same time, to avoid overwriting results of one call with another.
| Variable name | Description |
|---|---|
result_name.sql |
The SQL statement that was executed. |
result_name.recordcount |
Current row of query that |
result_name.cached |
|
result_name.sqlparameters |
An ordered Array of |
result_name.columnList |
Comma-delimited list of the query columns. |
result_name.ExecutionTime |
Cumulative time required to process the query. |
You can cache query results and execute stored procedures. For information about this and about displaying cfquery output, see ColdFusion MX Developer's Guide.
Because the timeout attribute only affects the maximum time for each suboperation of a query, the cumulative time may exceed its value. To set a timeout for a page that might get a very large result set, set the Administrator > Server Settings > Timeout Requests option to an appropriate value or use the RequestTimeout attribute of the cfsetting tag (for example, <cfsetting requestTimeout="300">).
The Caching page of the ColdFusion MX Administrator specifies the maximum number of cached queries. Setting this value to 0 disables query caching.
You cannot use ColdFusion reserved words as query names.
You cannot use SQL reserved words as variable or column names in a Query of Queries, unless they are escaped. The escape character is the bracket []; for example:
SELECT [count] FROM MYTABLE.
For a list of reserved keywords in ColdFusion MX, see Escaping reserved keywords in Using Query of Queries in ColdFusion MX Developer's Guide.
<!--- This example shows the use of CreateTimeSpan with CFQUERY ------>
<!--- to cache a record set. Define startrow and maxrows to ---->
<!--- facilitate 'next N' style browsing. ---->
<cfparam name="MaxRows" default="10">
<cfparam name="StartRow" default="1">
<!--------------------------------------------------------------------
Query database for information if cached database information has
not been updated in the last six hours; otherwise, use cached data.
--------------------------------------------------------------------->
<cfquery
name="GetParks" datasource="cfdocexamples"
cachedwithin="#CreateTimeSpan(0, 6, 0, 0)#">
SELECT PARKNAME, REGION, STATE
FROM Parks
ORDER BY ParkName, State
</cfquery>
<!--- Build HTML table to display query. ------------------------->
<table cellpadding="1" cellspacing="1">
<tr>
<td bgcolor="f0f0f0">
</td>
<td bgcolor="f0f0f0">
<b><i>Park Name</i></b>
</td>
<td bgcolor="f0f0f0">
<b><i>Region</i></b>
</td>
<td bgcolor="f0f0f0">
<b><i>State</i></b>
</td>
</tr>
<!--- Output the query and define the startrow and maxrows parameters.
Use the query variable CurrentCount to keep track of the row you
are displaying. ------>
<cfoutput query="GetParks" startrow="#StartRow#" maxrows="#MaxRows#">
<tr>
<td valign="top" bgcolor="ffffed">
<b>#GetParks.CurrentRow#</b>
</td>
<td valign="top">
<font size="-1">#ParkName#</font>
</td>
<td valign="top">
<font size="-1">#Region#</font>
</td>
<td valign="top">
<font size="-1">#State#</font>
</td>
</tr>
</cfoutput>
<!--- If the total number of records is less than or equal
to the total number of rows, then offer a link to
the same page, with the startrow value incremented by
maxrows (in the case of this example, incremented by 10). --------->
<tr>
<td colspan="4">
<cfif (StartRow + MaxRows) LTE GetParks.RecordCount>
<cfoutput><a href="#CGI.SCRIPT_NAME#?startrow=#Evaluate(StartRow + MaxRows)#">
See next #MaxRows# rows</a></cfoutput>
</cfif>
</td>
</tr>
</table>