OK, Duh... I get it. I saw that backslash as the value parameter in your original example and didn't make the obvious follow-on assumption that a form var containing backslashes could be used and similarly preserved.
--------------------------------------- Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc., www.mysecretbase.com --------------------------------------- ---------- Original Message ---------------------------------- from: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] date: Tue, 13 Aug 2002 16:21:15 -0400 (EDT) Uh...like this? <cfquery name="test" datasource="cfmx"> INSERT INTO blah(test,col2,col3) VALUES( <cfqueryparam value="#FORM.VARNAME#" cfsqltype="CF_SQL_LONGVARCHAR">, <cfqueryparam value="#FORM.VARNAME#" cfsqltype="CF_SQL_LONGVARCHAR">, <cfqueryparam value="#FORM.VARNAME#" cfsqltype="CF_SQL_LONGVARCHAR"> ) </cfquery> cfqueryparam already takes care of the ' quotes around variables. ~Todd On Tue, 13 Aug 2002, Matt Robertson wrote: > I'm religious about them these days on WHERE clauses, but I don't understand how to >use them in INSERTs. I see your example, but I can't figure out how it applies to >inserting a form value. Don't see anything in the docs, either (I'm on 4.5). All it >covers is WHERE clauses. > > Can you shed some light on the clueless one ;D ? > > --------------------------------------- > Matt Robertson [EMAIL PROTECTED] > MSB Designs, Inc., www.mysecretbase.com > --------------------------------------- > > > ---------- Original Message ---------------------------------- > from: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > date: Tue, 13 Aug 2002 14:24:37 -0400 (EDT) > > FYI - If I use queryparams, I don't have to escape anything. :P > > <cfquery name="test" datasource="cfmx"> > INSERT INTO blah(test) > VALUES(<cfqueryparam value="\" cfsqltype="CF_SQL_LONGVARCHAR">) > </cfquery> > > If this doesn't convince you to use queryparms yet, I don't know what > will. Dammit, Ben Forta said DO IT! :) > > ~Todd > > On Tue, 13 Aug 2002, S. Isaac Dealey wrote: > > > Wow... If I used mySQL at all I'd probably wind up writing my own custom-tag > > wrappers for cfquery and cfstoredproc and the like just to automate the > > process of escaping them... not just for file paths, but any and every place > > where a user might enter data of any kind... > > > > Isaac Dealey > > Certified Advanced ColdFusion Developer > > > > www.turnkey.to > > 954-776-0046 > > -- ============================================================ Todd Rafferty ([EMAIL PROTECTED]) - http://www.web-rat.com/ | Team Macromedia Volunteer for ColdFusion | http://www.macromedia.com/support/forums/team_macromedia/ | http://www.flashCFM.com/ - webRat (Moderator) | http://www.ultrashock.com/ - webRat (Back-end Moderator) | ============================================================ ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
