
Commit be1aa8f

bpamiriclaude
andcommitted
fix: Replace unsupported params=[] with Wheels inline value convention across all controllers
Wheels findAll/findOne/count/exists/deleteAll/updateAll silently ignore the params=[] argument, leaving a literal ? in the generated SQL. Converted 78 occurrences across 12 controller files to inline values, which Wheels auto-parameterizes via cfqueryparam. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent b191cfa commit be1aa8f

12 files changed

Lines changed: 83 additions & 91 deletions

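--- a/app/controllers/admin/AdminController.cfc
+++ b/app/controllers/admin/AdminController.cfc
@@ -37,8 +37,8 @@ component extends="app.Controllers.Controller" {
 // Get categories and tags for the form
 var categories = model("Category").findAll(order="name ASC");
 var postTypes = model("PostType").findAll(order="name ASC");
-var blogCategories = model("BlogCategory").findAll(where="blogId = ?", params=[blog.id]);
-var blogTags = model("Tag").findAll(where="blogId = ?", params=[blog.id]);
+var blogCategories = model("BlogCategory").findAll(where="blogId = #val(blog.id)#");
+var blogTags = model("Tag").findAll(where="blogId = #val(blog.id)#");
 
 // Prepare data for the view
 var selectedCategories = [];
@@ -292,7 +292,7 @@ component extends="app.Controllers.Controller" {
 if (blog.save()) {
 if(len(trim(publishDate)) && blog.status == "Approved"){
 var siteurl = urlFor(route="blog-detail",slug=blog.slug ,onlyPath=false);
-var emaildata = model("emailTemplate").findAll(where="title = ?", params=["Publish Blog"]);
+var emaildata = model("emailTemplate").findAll(where="title = 'Publish Blog'");
 var emailparams = {
 "name" = user.fullname,
 "buttonTitle" = emaildata.buttonTitle,
@@ -390,7 +390,7 @@ component extends="app.Controllers.Controller" {
 
 private function getBlogBySlug(required string slug) {
 return model("Blog").findOne(
-where="blog_posts.slug = ?", params=[arguments.slug],
+where="blog_posts.slug = '#arguments.slug#'",
 include="User,PostStatus"
 );
 }
@@ -402,7 +402,7 @@ component extends="app.Controllers.Controller" {
 // Basic counts
 totalBlogs = model("blog").count();
 totalTestimonials = model("testimonial").count();
-totalNewUser = model("user").count(where="createdat >= ?", params=[dateFormat(now(), "yyyy-mm-dd")]);
+totalNewUser = model("user").count(where="createdat >= '#dateFormat(now(), "yyyy-mm-dd")#'");
 totalUser = model("user").count();
 activeUsers = model("user").count(where="status = 'true'");
 
@@ -411,7 +411,7 @@ component extends="app.Controllers.Controller" {
 
 // Get list of users from last 7 days (for display)
 last_seven_days_user = model("user").findAll(
-where="createdat >= ?", params=[dateFormat(sevenDaysAgo, "yyyy-mm-dd")],
+where="createdat >= '#dateFormat(sevenDaysAgo, "yyyy-mm-dd")#'",
 order="createdat DESC"
 );
 
@@ -579,7 +579,7 @@ component extends="app.Controllers.Controller" {
 comment.isPublished = true;
 if(comment.save()){
 siteurl = urlFor(route="blog-detail",slug=comment.blog.slug ,onlyPath=false);
-var emaildata = model("emailTemplate").findAll(where="title = ?", params=["Publish comment"]);
+var emaildata = model("emailTemplate").findAll(where="title = 'Publish comment'");
 var emailparams = {
 "name" = user.fullname,
 "buttonTitle" = emaildata.buttonTitle,
@@ -648,7 +648,7 @@ component extends="app.Controllers.Controller" {
 blog.status = "Rejected"; //reject
 blog.publishedAt = "";
 if (blog.save()) {
-var emaildata = model("emailTemplate").findAll(where="title = ?", params=["Reject blog"]);
+var emaildata = model("emailTemplate").findAll(where="title = 'Reject blog'");
 var emailparams = {
 "name" = user.fullname,
 "buttonTitle" = emaildata.buttonTitle,
@@ -741,7 +741,7 @@ component extends="app.Controllers.Controller" {
 wpId = wpAuth.author_id.__text;
 
 // Find existing user by email
-user = model("User").findOne(where="email = ?", params=[email]);
+user = model("User").findOne(where="email = '#email#'");
 
 if (!IsObject(user)) {
 // Create new user if not found
@@ -841,7 +841,7 @@ component extends="app.Controllers.Controller" {
 : 1; // Default to ID 1 if not found
 
 // Check if post already exists by WordPress ID
-var existingPost = model("Blog").findOne(where="title = ? AND slug = ?", params=[title, slug]);
+var existingPost = model("Blog").findOne(where="title = '#title#' AND slug = '#slug#'");
 
 var blogPost = "";
 if (!isObject(existingPost)) {
@@ -890,8 +890,8 @@ component extends="app.Controllers.Controller" {
 postMap[wpId] = existingPost.id;
 
 // Delete existing categories and tags for this post
-model("BlogCategory").deleteAll(where="blogId = ?", params=[existingPost.id]);
-model("Tag").deleteAll(where="blogId = ?", params=[existingPost.id]);
+model("BlogCategory").deleteAll(where="blogId = #val(existingPost.id)#");
+model("Tag").deleteAll(where="blogId = #val(existingPost.id)#");
 
 // Process taxonomies (categories and tags)
 processTaxonomies(item, existingPost.id, arguments.categoryMap, arguments.tagMap);
@@ -995,7 +995,7 @@ component extends="app.Controllers.Controller" {
 categoryId = arguments.categoryMap[categoryName];
 } else {
 // Look up category by name
-var existingCategory = model("Category").findOne(where="name = ?", params=[categoryName]);
+var existingCategory = model("Category").findOne(where="name = '#categoryName#'");
 
 if (isObject(existingCategory)) {
 categoryId = existingCategory.id;
@@ -1159,7 +1159,7 @@ component extends="app.Controllers.Controller" {
 }
 
 // Check if this comment already exists in our system
-var existingComment = model("Comment").findOne(where="wpId = ?", params=[wpCommentId]);
+var existingComment = model("Comment").findOne(where="wpId = '#wpCommentId#'");
 
 // Try to find a user ID for this comment author
 var userId = 0;
@@ -1171,13 +1171,13 @@ component extends="app.Controllers.Controller" {
 user = model("User").findByKey(userId);
 } else if (commentUserId != "0") {
 // If WordPress specified a user ID, try to find that user
-user = model("User").findOne(where="wpId = ?", params=[commentUserId]);
+user = model("User").findOne(where="wpId = '#commentUserId#'");
 if (isObject(user)) {
 userId = user.id;
 }
 } else if (len(trim(authorEmail))) {
 // Try to find a user with this email
-user = model("User").findOne(where="email = ?", params=[authorEmail]);
+user = model("User").findOne(where="email = '#authorEmail#'");
 if (isObject(user)) {
 userId = user.id;
 }
@@ -1186,7 +1186,7 @@ component extends="app.Controllers.Controller" {
 // If no user found and we have an email, create a new user with "commenter" role
 if (!isObject(user) && len(trim(authorEmail))) {
 // Get the commenter role ID (you'll need to adjust this to your role system)
-var commenterRole = model("Role").findOne(where="name = ?", params=["commenter"]);
+var commenterRole = model("Role").findOne(where="name = 'commenter'");
 var commenterRoleId = isObject(commenterRole) ? commenterRole.id : 4; // Default to role ID 4 if not found
 
 // Create names array by splitting author name
@@ -1200,7 +1200,7 @@ component extends="app.Controllers.Controller" {
 // Check if username exists and append number if needed
 var baseUsername = username;
 var counter = 1;
-while (model("User").exists(where="username = ?", params=[username])) {
+while (model("User").exists(where="username = '#username#'")) {
 username = baseUsername & counter;
 counter++;
 }
@@ -1233,7 +1233,7 @@ component extends="app.Controllers.Controller" {
 // Handle case where there's no email but we still have an author name
 else if (!isObject(user) && !len(trim(authorEmail)) && len(trim(authorName))) {
 // Get the commenter role ID
-var commenterRole = model("Role").findOne(where="name = ?", params=["commenter"]);
+var commenterRole = model("Role").findOne(where="name = 'commenter'");
 var commenterRoleId = isObject(commenterRole) ? commenterRole.id : 4; // Default to role ID 4 if not found
 
 // Create names array by splitting author name
@@ -1251,7 +1251,7 @@ component extends="app.Controllers.Controller" {
 // Check if username exists and append number if needed
 var baseUsername = username;
 var counter = 1;
-while (model("User").exists(where="username = ?", params=[username])) {
+while (model("User").exists(where="username = '#username#'")) {
 username = baseUsername & counter;
 counter++;
 }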
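Review bot: The string-valued rewrites — `where="blog_posts.slug = '#arguments.slug#'"` in getBlogBySlug, `email = '#email#'`, `title = '#title#' AND slug = '#slug#'`, `name = '#categoryName#'`, `username = '#username#'` and the two `wpId = '…'` lookups — splice request- or import-controlled text straight into the where string, so their safety now rests entirely on the Wheels where-parser recognising each quoted literal and binding it through cfqueryparam. A value that itself contains a single quote (a WordPress post title such as O'Reilly is a routine import case) terminates the literal early, so the clause either fails to parse or has part of the value treated as SQL rather than data; the `val()` wrapping applied to the numeric ids avoids this, but the string values get no equivalent treatment. Unless the Wheels version in use is confirmed to escape embedded quotes in where values, escape them before splicing, e.g. `where="blog_posts.slug = '#replace(arguments.slug, chr(39), chr(39) & chr(39), "all")#'"`, ideally through one small helper shared by all controllers, and add a regression test with a quote-bearing slug and title. The same pattern is introduced in NewsletterController (`email = '#email#'` and the LIKE searches), RolesController (`name = '#params.Name#'`), UserController (`email = '#userData.email#'`, `email = '#user.email#'`, the `search` LIKE clause) and api/v1/AuthController (`email = '#email#'`).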

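--- a/app/controllers/admin/EmailTemplatesController.cfc
+++ b/app/controllers/admin/EmailTemplatesController.cfc
@@ -13,16 +13,16 @@ component extends="app.Controllers.Controller" {
 }
 
 function view(){
-email = model("emailTemplate").findAll(where="id = ?", params=[params.id]);
+email = model("emailTemplate").findAll(where="id = #val(params.id)#");
 }
 
 function edit(){
-email = model("emailTemplate").findAll(where="id = ?", params=[params.id]);
+email = model("emailTemplate").findAll(where="id = #val(params.id)#");
 }
 
 function save(){
 try{
-email = model("emailTemplate").findOne(where="id = ?", params=[params.id]);
+email = model("emailTemplate").findOne(where="id = #val(params.id)#");
 if(structKeyExists(params, "id")){
 if (not isNull(email)) {
 // Edit the existing email post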
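Review bot: `val(params.id)` in view, edit and save turns any id that does not begin with digits into 0, so a malformed or tampered id now yields an empty query (and a null `email` in save) silently rather than an error that would surface the bad request. If that fallback is not intended, validate before querying, e.g. `if (!isNumeric(params.id)) { redirectTo(action="index"); return; }`, using whichever error path this controller already has. The `val()` wrapping itself is the right treatment for a numeric column and is preferable to quoting the value; the same coercion is introduced in RolesController, TestimonialController and UserController. Separately, `params.id` is still dereferenced on the line before `structKeyExists(params, "id")` in save, as the original also did, so that check cannot guard the lookup.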

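--- a/app/controllers/admin/NewsletterController.cfc
+++ b/app/controllers/admin/NewsletterController.cfc
@@ -202,7 +202,7 @@ component extends="app.Controllers.Controller" {
 );
 
 if (type == "user") {
-var user = model("User").findOne(where="email = ?", params=[email]);
+var user = model("User").findOne(where="email = '#email#'");
 if (!isNull(user)) {
 user.update(newsletter=false);
 model("Log").log(
@@ -227,7 +227,7 @@ component extends="app.Controllers.Controller" {
 };
 }
 } else {
-var subscriber = model("NewsletterSubscriber").findOne(where="email = ?", params=[email]);
+var subscriber = model("NewsletterSubscriber").findOne(where="email = '#email#'");
 if (!isNull(subscriber)) {
 subscriber.update(status="inactive");
 model("Log").log(
@@ -369,7 +369,7 @@ component extends="app.Controllers.Controller" {
 
 if (len(trim(searchTerm))) {
 // Search in users table
-var userSubscribers = model("User").findAll(where="newsletter = 1 AND (email LIKE ? OR firstname LIKE ? OR lastname LIKE ?)", params=["%#searchTerm#%", "%#searchTerm#%", "%#searchTerm#%"]);
+var userSubscribers = model("User").findAll(where="newsletter = 1 AND (email LIKE '%#searchTerm#%' OR firstname LIKE '%#searchTerm#%' OR lastname LIKE '%#searchTerm#%')");
 for (var user in userSubscribers) {
 subscribers.append({
 email: user.email,
@@ -380,7 +380,7 @@ component extends="app.Controllers.Controller" {
 }
 
 // Search in newsletter_subscribers table
-var nonUserSubscribers = model("NewsletterSubscriber").findAll(where="email LIKE ?", params=["%#searchTerm#%"]);
+var nonUserSubscribers = model("NewsletterSubscriber").findAll(where="email LIKE '%#searchTerm#%'");
 for (var subscriber in nonUserSubscribers) {
 subscribers.append({
 email: subscriber.email,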

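--- a/app/controllers/admin/RolesController.cfc
+++ b/app/controllers/admin/RolesController.cfc
@@ -18,7 +18,7 @@ component extends="app.Controllers.Controller" {
 if(id > 0) {
 role = model("role").findByKey(params.id);
 permissions = model("permission").findAll();
-activePermission = model("RolePermission").findAll(select="permissionId", where="roleId = ?", params=[params.id]);
+activePermission = model("RolePermission").findAll(select="permissionId", where="roleId = #val(params.id)#");
 existingPermissionIds = [];
 for (row in activePermission) {
 arrayAppend(existingPermissionIds, row.permissionId);
@@ -32,7 +32,7 @@ component extends="app.Controllers.Controller" {
 }
 
 function checkRoleExistance(){
-var checkExistingRole = model("Role").findAll(where="name = ?", params=[params.Name]);
+var checkExistingRole = model("Role").findAll(where="name = '#params.Name#'");
 if(checkExistingRole.recordcount != 0){
 renderText('<p class="fs-12 ms-2">A role already exist with this name! Role name must be unique.');
 return;
@@ -43,7 +43,7 @@ component extends="app.Controllers.Controller" {
 
 function store(){
 try {
-var checkExistingRole = model("Role").findAll(where="name = ?", params=[params.Name]);
+var checkExistingRole = model("Role").findAll(where="name = '#params.Name#'");
 if(checkExistingRole.recordcount != 0 && params.id == 0){
 redirectTo(action="index", error="A role already exist with name' #params.Name#'. Role name must be unique.");
 return;
@@ -85,7 +85,7 @@ component extends="app.Controllers.Controller" {
 
 // Update role permissions
 permissionList = [];
-model("RolePermission").deleteAll(where="roleId = ?", params=[RoleData.id]);
+model("RolePermission").deleteAll(where="roleId = #val(RoleData.id)#");
 for (fieldName in RoleData) {
 if (left(fieldName, 11) == "permission-") {
 // Extract the numeric part after the dash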

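--- a/app/controllers/admin/TestimonialController.cfc
+++ b/app/controllers/admin/TestimonialController.cfc
@@ -13,7 +13,7 @@ component extends="app.Controllers.Controller" {
 }
 
 function testimonialdetails(){
-Testimonial = model("Testimonial").findAll(where="id = ?", params=[params.id], include = "User");
+Testimonial = model("Testimonial").findAll(where="id = #val(params.id)#", include = "User");
 }
 
 function approve() {
@@ -218,7 +218,7 @@ component extends="app.Controllers.Controller" {
 Testimonial.isApproved = true;
 if (Testimonial.save()) {
 siteurl = urlFor(route="home", onlyPath=false);
-var emaildata = model("emailTemplate").findAll(where="title = ?", params=["Publish Testimonial"]);
+var emaildata = model("emailTemplate").findAll(where="title = 'Publish Testimonial'");
 var emailparams = {
 "name" = user.fullname,
 "buttonTitle" = emaildata.buttonTitle,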

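--- a/app/controllers/admin/UserController.cfc
+++ b/app/controllers/admin/UserController.cfc
@@ -141,7 +141,7 @@ component extends="app.Controllers.Controller" {
 var hashedPassword = bCryptHashPW(params.passwordHash, bCryptGenSalt());
 var updateUserPassword = model("User").updateAll(
 passwordHash = hashedPassword,
-where = "id = ?", params=[session.userID]
+where = "id = #val(session.userID)#"
 );
 renderText("Password updated successfully!");
 return;
@@ -190,7 +190,7 @@ component extends="app.Controllers.Controller" {
 }
 
 var savedFileName = uploadedFile.serverFile;
-model("User").updateAll(profilePicture = savedFileName, where = "id = ?", params=[session.userID]);
+model("User").updateAll(profilePicture = savedFileName, where = "id = #val(session.userID)#");
 session.profilePic = savedFileName;
 renderText("Profile picture uploaded successfully!");
 return;
@@ -254,7 +254,7 @@ component extends="app.Controllers.Controller" {
 * @id User identifier
 */
 private function findById(id) {
-return model("User").findAll(where="id = ?", params=[arguments.id], returnAs="query");
+return model("User").findAll(where="id = #val(arguments.id)#", returnAs="query");
 }
 
 /**
@@ -287,7 +287,7 @@ component extends="app.Controllers.Controller" {
 }
 } else {
 // Check if user with the same email already exists
-var existingUser = model("User").findFirst(where="email = ?", params=[userData.email]);
+var existingUser = model("User").findFirst(where="email = '#userData.email#'");
 
 if (!isObject(existingUser)) {
 // Create a new user
@@ -324,16 +324,13 @@ component extends="app.Controllers.Controller" {
 */
 private function search(term = "", page = 1, perPage = 20) {
 var whereCondition = "1=1";
-var searchParams = [];
 
 if (len(trim(arguments.term))) {
-whereCondition = "1=1 AND (name LIKE ? OR email LIKE ?)";
-searchParams = ["%#arguments.term#%", "%#arguments.term#%"];
+whereCondition = "1=1 AND (name LIKE '%#arguments.term#%' OR email LIKE '%#arguments.term#%')";
 }
 
 return model("User").findAll(
 where = whereCondition,
-params = searchParams,
 order = "createdAt DESC",
 page = arguments.page,
 perPage = arguments.perPage,
@@ -351,7 +348,7 @@ component extends="app.Controllers.Controller" {
 if (!isNull(user)) {
 
 if (user.delete()) {
-model("LoginAttempt").deleteAll(where="email = ?", params=[user.email]);
+model("LoginAttempt").deleteAll(where="email = '#user.email#'");
 return {
 success = true,
 message = "User soft deleted successfully"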

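--- a/app/controllers/api/v1/AuthController.cfc
+++ b/app/controllers/api/v1/AuthController.cfc
@@ -30,7 +30,7 @@ component extends="app.Controllers.Controller" {
 }
 
 // Check if email already exists
-var existingUser = model("User").findFirst(where="email = ?", params=[email]);
+var existingUser = model("User").findFirst(where="email = '#email#'");
 
 if (isObject(existingUser)) {
 renderText(serializeJSON({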
