It doesn't look like it went through, Stacy. I've taken the information and submitted a bug for it though, so no need to go back and do it again.
Deb -----Original Message----- From: Stacy Young [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 5:34 PM To: CF-Talk Subject: RE: Bug in MX w/ CFQUERYPARAM? Well I tried to submit it but got a "Page could not be displayed"...but I think it went thru. -----Original Message----- From: Stacy Young [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 5:29 PM To: CF-Talk Subject: RE: Bug in MX w/ CFQUERYPARAM? I had the same problem....but to be honest I didn't know it was the inline TRIM. Since it was a small personal app I was working on I had just removed the CFQUERYPARAM. (I just verified and I WAS using TRIM() inside the tag) I was working with Win2k OS, Built-in Web Server running CFMX final. Single quotes were added to my input parameters. Have you submitted this as a bug yet? Stace -----Original Message----- From: Kreig Zimmerman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 30, 2002 4:35 PM To: CF-Talk Subject: Bug in MX w/ CFQUERYPARAM? Hello All, We upgraded our test server to CFMX this weekend (w/ Apache 1.3.20 WS). Most all of our queries that accept user input are sanitized before being inserted in the DB in an Update statment, to whit: <cfquery datasource="#DB#"> UPDATE [dbo].[Sizes] SET [Jumbo] = <cfqueryparam value="#HTMLEditFormat(Trim(attributes.Jumbo))#" cfsqltype="CF_SQL_VARCHAR"> WHERE [SizeID] = <cfqueryparam value="#attributes.sizeuid#" cfsqltype="CF_SQL_INTEGER"> </cfquery> This works fine in CF 5. However, after upgrading to CFMX, I find that now CF is attempting to "Preserve Single Quotes" in the value. Which makes no sense. It does this ONLY when I have the HTMLEditFormat() and/or Trim() functions inline. (I didn't test other string functions, but they're not directly relelvant to my issue either.) It does this with BOTH SQL Server and ODBC Socket drivers. If I treat the string beforehand, e.g. . joe=HTMLEditFormat(Trim(attributes.Jumbo)); . SET [Jumbo] = <cfqueryparam value="#joe#" cfsqltype="CF_SQL_VARCHAR"> . then MX does NOT attempt to double up single quotes (Preserve Single Quotes). Being as this functions differently from CF5 I'm wondering--is this a bug or a feature? Has anyone else encountered this issue? Thanks. ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
