Ahhhh yes. I've run into that problem before. When you finally figure out that the problem is caused by quotation marks, the code to fix it (preserveSingleQuotes) is so simple. :) Z
-----Original Message----- From: Rob Harrington [mailto:[EMAIL PROTECTED] Sent: Monday, September 25, 2006 3:33 PM To: CF-Newbie Subject: Re: Executing a user input query I put in #preserveSingleQuotes(form.sqlquery)# in the cfquery so the quotes in the input wouldn't screw it up. (It was a function I didn't know about until trying to google for the answer.) So now to get the correct results I would just enter select * from Exchanges WHERE country = 'USA' and it doesn't break anymore... > I am creating a page that allows a user to write and submit their own > SQL query via a form textarea with the data being returned on the page. > So far I have been pretty successful except that when a user inputs a > query with a WHERE clause that references a char column type (i.e. > select * from Exchanges WHERE country = 'USA') it doesn't work. > However when the WHERE clause references a numeric column (i.e. select > * from Exchanges WHERE exchangeID=5) it works fine. Could this have > something to do with the quotes? How can I handle this? Here is a > snippet of my code: > ................. > > > <form method="post" name="formQuery" action="InputSQL.cfm"> > <input type="hidden" value="DoMyQuery" name="MyQuery"> > <textarea style="overflow:auto" name="sqlquery" rows="8" > cols="100"></textarea><br /><br /> > <input type="submit"> > </form> > > <cfif form.MyQuery eq "DoMyQuery"> > <cfset thequery = form.sqlquery> > <cfoutput>#thequery#</cfoutput> > <!--- executes the query---> > <cfquery datasource="MarketData" name="GetData"> > #form.sqlquery# > </cfquery> > ....................... > > > Thanks for any help... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2100 Subscription: http://www.houseoffusion.com/groups/CF-Newbie/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.15
