Normally you just double up the single quotes to make them literal - apparently that is causing problems. How would you do this outside of Cold Fusion? Doesn't SQL have a native way to do this?
Dustin Snell
Unisyn Software, LLC

----- Original Message -----
From: "Matthew Walker" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, February 27, 2003 4:14 PM
Subject: RE: mixed quotes in SQL statement

> What's your "standard escape method"?
>
> I'd recommend using cfqueryparam.
> SELECT * FROM TABLE WHERE fieldname=<cfqueryparam
> value="'<ahref=""javascript('='10')""> hot java</a>'">
>
> -----Original Message-----
> From: Dustin Snell [Unisyn Software] [mailto:[EMAIL PROTECTED]
> Sent: Friday, 28 February 2003 11:58 a.m.
> To: CF-Talk
> Subject: mixed quotes in SQL statement
>
> Hello, does anyone know how to include mixed (single and double) quotes in a
> text value in a SQL query? The standard escape method doesn't seem to work
> here. For example (text shown is the literal text we want to use and of
> course does not work in its current form because of the single quote):
>
> SELECT * FROM TABLE WHERE fieldname='<ahref="javascript('='10')"> hot java
> </a>'
>
> Any ideas on how one would make this query work?
>
> Thanks!
>
> Dustin Snell
> Unisyn Software, LLC
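An added example, not part of the thread: the same lookup done outside ColdFusion, comparing SQL's native quote doubling with a bound parameter (the general mechanism that cfqueryparam exposes). It assumes Python's built-in sqlite3 module and a hypothetical table named `links`; the searched value is the literal text from the original question.

```python
import sqlite3

# Literal text from the thread; it mixes single and double quotes.
VALUE = """<ahref="javascript('='10')"> hot java</a>"""


def sql_literal(text):
    """SQL's native escape: double each single quote inside a '...' literal.
    Double quotes need no escaping inside a single-quoted literal."""
    return "'" + text.replace("'", "''") + "'"


def make_db():
    # Hypothetical table for the demonstration (constructed sample data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, fieldname TEXT)")
    conn.executemany("INSERT INTO links (fieldname) VALUES (?)",
                     [(VALUE,), ("plain text",)])
    return conn


def find_with_literal(conn, text):
    # Correct only if the escape is applied exactly once on every code path.
    sql = "SELECT id FROM links WHERE fieldname = " + sql_literal(text)
    return conn.execute(sql).fetchall()


def find_with_parameter(conn, text):
    # The value travels separately from the SQL text, so quotes inside it
    # are never parsed as SQL and no escaping is needed.
    return conn.execute("SELECT id FROM links WHERE fieldname = ?",
                        (text,)).fetchall()


def unescaped_fails(conn, text):
    # The query as posted: the first embedded single quote ends the literal.
    try:
        conn.execute("SELECT id FROM links WHERE fieldname = '" + text + "'")
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(sql_literal(VALUE))
    print(find_with_literal(db, VALUE), find_with_parameter(db, VALUE))
    print("unescaped query fails:", unescaped_fails(db, VALUE))
```
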