老问题着急
<cffunction name="inserttable" access="public" hint="插入函数">
<cfargument name="tablename">
<cfargument name="insertsqlarr" type="struct" hint="参数集合">
<cfargument name="returnid" default="0">
<cfargument name="replace" default="0">
<cfargument name="silent" default="0">
<cfset var insertkeysql = "">
<cfset var insertvaluesql = "">
<cfset var comma = "">
<cfset var method = "">
<cfset var start="ok">
<cfloop collection="#Arguments.insertsqlarr#" item="DataItem">
<cfset insertkeysql = insertkeysql & comma & '`' & DataItem & '`'>
<cfset insertvaluesql = insertvaluesql & comma & "'" & insertsqlarr[DataItem] & "'">
<cfset comma = ", ">
</cfloop>
<!--- <cftry>--->
<cfquery datasource="Connection">
Insert into #Arguments.tablename# (#insertkeysql#) values (#preservesinglequotes(insertvaluesql)#)
</cfquery>
<!--- <cfcatch type="any">
<cfset start="error">
</cfcatch>
</cftry>--->
<cfreturn start>
</cffunction>
这个函数是好用的,但是我想把<cfqueryparam>这个标签加入到函数里,用来防止注入,请问应该怎么修改呢?我多次尝试都不可以