I have an input checkbox field where the user can select multiple checkboxes in a form, and depending on what they select, it will create a string of IDs like 10,14,35,47, and that will be submitted to the database. I can get this submitted if I just submit it directly like below:
user_job_type_id="#form.user_job_type_id#",
But, if I try and wrap that in a cfqueryparam, which I would rather do to make it more secure, I get an error, regardless of what I do. Whether I set it to a list true or false, varchar, integer, everything throws an error like cfqueryparam doesn't accept the list.
For example, below will not work
user_job_type_id=<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.user_job_type_id#" list="Yes"/>,
What am I missing here?
As @SOS mentioned, you need to use an IN statement when checking against a list of values in parentheses. In addition, since the values are all integers, make sure to specify the correct cfsqltype. This ensures the correct data type check for each element in the list.

Wrong:
Better:
Best:
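
An illustration added here, not part of the original answer: an unparameterised `IN` comparison beside the parameterised form the answer describes, using `list="yes"` with an integer `cfsqltype`. The datasource `exampleDsn`, the table `user_jobs`, the column `user_id` and the sample form value are assumptions made for the example.

```cfml
<!--- Unchecked checkboxes are not submitted at all, so default the field --->
<cfparam name="form.user_job_type_id" default="">

<!--- Constructed sample input: the string the checkbox group submits --->
<cfset form.user_job_type_id = "10,14,35,47">

<!--- Unparameterised form, shown for contrast only (left as a comment):
      the form value becomes part of the SQL text, so whatever the client
      sends is parsed as SQL.
          WHERE user_job_type_id IN (#form.user_job_type_id#)
--->

<!--- Skip the query when nothing was selected, to avoid an empty IN () --->
<cfif listLen(form.user_job_type_id) GT 0>
    <cftry>
        <!--- list="yes" splits the value on the separator and binds one
              placeholder per element, so the driver sees IN (?,?,?,?).
              CF_SQL_INTEGER makes ColdFusion check each element as an
              integer and throw before the statement is sent if one fails. --->
        <cfquery name="qJobs" datasource="exampleDsn">
            SELECT user_id, user_job_type_id
            FROM   user_jobs
            WHERE  user_job_type_id IN (
                <cfqueryparam value="#form.user_job_type_id#"
                              cfsqltype="CF_SQL_INTEGER"
                              list="yes"
                              separator=",">
            )
        </cfquery>
        <cfoutput>#qJobs.recordCount# matching rows</cfoutput>

        <cfcatch type="any">
            <!--- A non-integer element (tampered form post) lands here --->
            <cflog file="application" type="warning"
                   text="Rejected user_job_type_id list: #cfcatch.message#">
            <cfoutput>Invalid job type selection.</cfoutput>
        </cfcatch>
    </cftry>
<cfelse>
    <cfoutput>No job types selected.</cfoutput>
</cfif>
```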