even with a username/password protecting it? tony -----Original Message----- From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 11:03 PM To: CF-Talk Subject: RE: shooting my server soon....
bingo - if you have a string you are building that includes single quotes, you have to use the "preservesinglequotes( )" function. Otherwise you would get exactly this syntax errror - the query without the function would end up being: update [reports] set password = ' '123xxx456' ' (two sets of single quotes). Tony, I wouldn't do it this way unless you are doing some kind of one-time query - or building some form of on-line query analyzer. The security risk is pretty high. I would at least restrict DML type queries using SQL permissions. -mk -----Original Message----- From: Samuel Neff [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 9:48 PM To: CF-Talk Subject: RE: shooting my server soon.... So the entire SQL is inside the form field, including the single quotes? Then you need PreserveSingleQuotes()--and think about the security issue.. > -----Original Message----- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 10:44 PM > To: CF-Talk > Subject: RE: shooting my server soon.... > > > ok great, it works when i have this in a page... > > <cfquery name="ex" datasource="cx"> > update [reports] set password = '123xxx456' > </cfquery> > > but not when i send this string from a form field > textarea called sql > > update [reports] set password = '123xxx456' > > > <cfquery name="ex" datasource="cx"> > #form.sql# > </cfquery> > > any idea? > > tony > > -----Original Message----- > From: David Notik [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 10:26 PM > To: CF-Talk > Subject: RE: shooting my server soon.... > > > Try adding a valid WHERE clause and see if the statement works. > > UPDATE Reports SET Password = 'XXXXXX' WHERE ID=1 > > That will at least get you closer to diagnosing the cause. > > Also, be sure your CFQUERY tags have proper < and >. > > --Dave > > ################### > David Notik > Digital202, LLC > Imagination gone digital. > Web: www.digital202.com > E-mail: [EMAIL PROTECTED] > Office: (206) 575-1717 > Mobile: (206) 351-3948 > ################### > > > -----Original Message----- > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 7:21 PM > To: CF-Talk > Subject: RE: shooting my server soon.... > > ok..... > > update [reports] set password = 'xxxx' > > Message: Error Executing Database Query. > Detail: [Macromedia][SQLServer JDBC Driver][SQLServer]Line 1: > Incorrect syntax near 'xxxx'. > Native Error Code: 170 > SQL State: HY000 > > same error? > > tony > > -----Original Message----- > From: Matthew Walker [mailto:[EMAIL PROTECTED]] > Sent: Monday, December 02, 2002 10:15 PM > To: CF-Talk > Subject: RE: shooting my server soon.... > > > Don't know. One of the secrets of T-SQL I guess. ;-) > > > -----Original Message----- > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, 3 December 2002 4:06 p.m. > > To: CF-Talk > > Subject: RE: shooting my server soon.... > > > > > > but why can i do it fine in select statements? > > > > tony > > > > -----Original Message----- > > From: Matthew Walker [mailto:[EMAIL PROTECTED]] > > Sent: Monday, December 02, 2002 9:59 PM > > To: CF-Talk > > Subject: RE: shooting my server soon.... > > > > > > Reports is a reserved word. Wrap it in [] > > http://aspfaq.com/show.asp?id=2080 > > > > > > > > > -----Original Message----- > > > From: Tony Weeg [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, 3 December 2002 3:45 p.m. > > > To: CF-Talk > > > Subject: shooting my server soon.... > > > > > > > > > why? > > > > > > update reports set password = 'xxxx' > > > > > > will not work in my cf code on my cfmx server. > > > > > > i can run the same query in query analyzer, and all is well. > > > > > > any explanation would save my ***king server... > > > > > > thanks > > > > > > ...tony > > > > > > tony weeg > > > [EMAIL PROTECTED] > > > www.revolutionwebdesign.com > > > rEvOlUtIoN wEb DeSiGn > > > 410.334.6331 > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
