我正在努力成为一名优秀的CF Web开发人员并使用< cfqueryparam>围绕进入我的SQL查询的所有FORM或URL元素.
<cfquery datasource="MyDSN" name="qIncidents"> SELECT IncidentID,AnimalID,IntakeDate,DxDate,OutcomeDate FROM Incidents WHERE ShelterID = <cfqueryparam cfsqltype="cf_sql_integer" value="#Arguments.ShelterID#"> ORDER BY <cfqueryparam cfsqltype="cf_sql_varchar" value="#SortBy#"> </cfquery>
当我这样做时,我收到以下错误:
The SELECT item identified by the ORDER BY number 1 contains a variable as part of the expression identifying a column position. Variables are only allowed when ordering by an expression referencing a column name.
有关如何安全地做到这一点的任何建议?
