Whilst testing some TestBox glitches (more about that in a later article, but the executive summary is "it's good!"), I noticed some dodgy behaviour in the ODBC-date/time-formatting functions. In both ColdFusion and Railo.
TBH, I have no idea why we are using
createOdbcDate()
in our codebase at all... we do not use ODBC drivers. And that'd be the only time one would want to use these functions. Equally, they're only really useful if one wants to pass dates to DBs as strings, hard-coded into the SQL statement, and this should be actively discouraged in favour of passing parameters; and for that a native CFML date/time object is fine.Firstly... what the hell are these functions for? (that's rhetorical... I'm about to tell you...) ODBC defines a string format one can use to unambiguously represent a date value. The details are in the Microsoft docs: "ODBC Datetime Format", but a summary is this:
Note that the specification is very clear that the{ literal_type 'constant_value' }
literal_type
Specifies the type of the escape sequence. Timestamps have three literal_type specifiers:
- d
- date only
- t
- time only
- ts
- timestamp (time + date)
constant_value
Is the value of the escape sequence. constant_value must follow these formats for each literal_type.
- d
yyyy-mm-dd
- t
hh:mm:ss[.fff]
- ts
yyyy-mm-dd hh:mm:ss[.fff]
d
is date only; the t
is time only; and the ts
is both.