Normally you just double up the single quotes to make them literal -
apparently that is causing problems.  How would you do this outside of
ColdFusion?  Doesn't SQL have a native way to do this?

Dustin Snell
Unisyn Software, LLC
----- Original Message -----
From: "Matthew Walker" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, February 27, 2003 4:14 PM
Subject: RE: mixed quotes in SQL statement


> What's your "standard escape method"?
>
> I'd recommend using cfqueryparam.
> SELECT * FROM TABLE WHERE fieldname=<cfqueryparam
> value="'<ahref=""javascript('='10')""> hot java</a>'">
>
>
>
>
> -----Original Message-----
> From: Dustin Snell [Unisyn Software] [mailto:[EMAIL PROTECTED]
> Sent: Friday, 28 February 2003 11:58 a.m.
> To: CF-Talk
> Subject: mixed quotes in SQL statement
>
> Hello, does anyone know how to include mixed (single and double) quotes in a
> text value in a SQL query?  The standard escape method doesn't seem to work
> here.  For example (text shown is the literal text we want to use and of
> course does not work in its current form because of the single quote):
>
> SELECT * FROM TABLE WHERE fieldname='<ahref="javascript('='10')"> hot java
> </a>'
>
> Any ideas on how one would make this query work?
>
> Thanks!
>
> Dustin Snell
> Unisyn Software, LLC
>
>
>
> 
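Added example, not part of the original thread or of either poster's code: the two approaches discussed above (doubling single quotes, and a bound parameter, which is what cfqueryparam produces) run against the literal text from the question. It uses Python's sqlite3 module as a stand-in for the real database; the in-memory database and the table name `links` are assumptions.

```python
import sqlite3

# The literal text from the question, with both single and double quotes.
TEXT = """<ahref="javascript('='10')"> hot java</a>"""


def make_db():
    # In-memory SQLite stands in for the real database (assumption);
    # the table name "links" is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links (fieldname TEXT)")
    db.execute("INSERT INTO links (fieldname) VALUES (?)", (TEXT,))
    return db


def naive(db, text):
    # Text pasted between single quotes: the first ' inside it ends the
    # string literal early, so the statement no longer parses.
    sql = "SELECT fieldname FROM links WHERE fieldname='" + text + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def doubled(db, text):
    # Standard SQL escape: each single quote is doubled. Double quotes
    # need no escaping inside a single-quoted literal.
    literal = "'" + text.replace("'", "''") + "'"
    sql = "SELECT fieldname FROM links WHERE fieldname=" + literal
    return db.execute(sql).fetchall()


def bound(db, text):
    # Bind parameter: the value is sent separately from the SQL text,
    # so its quotes are never seen by the SQL parser.
    sql = "SELECT fieldname FROM links WHERE fieldname=?"
    return db.execute(sql, (text,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("naive  :", naive(db, TEXT))
    print("doubled:", doubled(db, TEXT))
    print("bound  :", bound(db, TEXT))
```

Doubling works here, but the escaping rules depend on the database (MySQL, for instance, also treats backslash as an escape character by default), while the bound form needs no escaping at all.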