spec/doc_get.cfm

<cfsilent>
<cfimport prefix="m" taglib="mod"/>
<cfimport prefix="m" taglib="mod/bean"/>
<cfimport prefix="layout" taglib="layout"/>

<cfparam name="entity"/>
<cfparam name="doc_id" type="integer"/>
<cfparam name="action" default=""/>

<!--- validate entity to prevent sql injection--->
<cfmodule template="mod/attach_support.cfm" entity="#entity#"/>

<cfset errMsg=""/>

<cftry>
	<!---Проверяем параметр на корректность, и все равно стремно --->
	<cfquery name="qRead" datasource="#request.DS#">
		select d.doc, d.fname, d.contenttype
		from #entity#_doc d
		where #entity#_doc_id=<cfqueryparam cfsqltype="cf_sql_integer" value="#doc_id#"/>
	</cfquery>

	<cfcatch type="Any">
		<cfset errMsg="#CFCATCH.Message#. #CFCATCH.Detail#"/>
	</cfcatch>
</cftry>

</cfsilent><cfif len(errMsg)><cfoutput>#errMsg#</cfoutput><cfelse>
<cfswitch expression=#action#><cfcase value="download"><cfheader name="Content-Disposition" value='attachment; filename="#qRead.fname#"'/><cfcontent type="#qRead.contenttype#" variable=#qRead.doc#/></cfcase><cfdefaultcase><cfheader name="Content-Disposition" value='inline; filename="#qRead.fname#"'/><cfcontent type="#qRead.contenttype#" variable=#qRead.doc#/></cfdefaultcase></cfswitch></cfif>