Aha - that is important info. ;) Use PreserveSingleQuotes() around the query string.
Also be careful allowing SQL to be submitted via a form, because it can allow malicious users to execute queries at will. --D -----Original Message----- From: Tony Weeg [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 7:44 PM To: CF-Talk Subject: RE: shooting my server soon.... ok great, it works when i have this in a page... <cfquery name="ex" datasource="cx"> update [reports] set password = '123xxx456' </cfquery> but not when i send this string from a form field textarea called sql update [reports] set password = '123xxx456' <cfquery name="ex" datasource="cx"> #form.sql# </cfquery> any idea? tony -----Original Message----- From: David Notik [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 10:26 PM To: CF-Talk Subject: RE: shooting my server soon.... Try adding a valid WHERE clause and see if the statement works. UPDATE Reports SET Password = 'XXXXXX' WHERE ID=1 That will at least get you closer to diagnosing the cause. Also, be sure your CFQUERY tags have proper < and >. --Dave ################### David Notik Digital202, LLC Imagination gone digital. Web: www.digital202.com E-mail: [EMAIL PROTECTED] Office: (206) 575-1717 Mobile: (206) 351-3948 ################### -----Original Message----- From: Tony Weeg [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 7:21 PM To: CF-Talk Subject: RE: shooting my server soon.... ok..... update [reports] set password = 'xxxx' Message: Error Executing Database Query. Detail: [Macromedia][SQLServer JDBC Driver][SQLServer]Line 1: Incorrect syntax near 'xxxx'. Native Error Code: 170 SQL State: HY000 same error? tony -----Original Message----- From: Matthew Walker [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 10:15 PM To: CF-Talk Subject: RE: shooting my server soon.... Don't know. One of the secrets of T-SQL I guess. ;-) > -----Original Message----- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, 3 December 2002 4:06 p.m. > To: CF-Talk > Subject: RE: shooting my server soon.... > > > but why can i do it fine in select statements? > > tony > > -----Original Message----- > From: Matthew Walker [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 9:59 PM > To: CF-Talk > Subject: RE: shooting my server soon.... > > > Reports is a reserved word. Wrap it in [] > http://aspfaq.com/show.asp?id=2080 > > > > > -----Original Message----- > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, 3 December 2002 3:45 p.m. > > To: CF-Talk > > Subject: shooting my server soon.... > > > > > > why? > > > > update reports set password = 'xxxx' > > > > will not work in my cf code on my cfmx server. > > > > i can run the same query in query analyzer, and all is well. > > > > any explanation would save my ***king server... > > > > thanks > > > > ...tony > > > > tony weeg > > [EMAIL PROTECTED] > > www.revolutionwebdesign.com > > rEvOlUtIoN wEb DeSiGn > > 410.334.6331 > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
