> But not when using cfqueryparam. Using cfqueryparam is meant to call the
> functionality of the database driver to do the escaping. Any escaping done
> by CF before that will only result in doubling the quotes twice, and
> therefore CF should do no escaping whatsoever of any value passed through
> cfqueryparam.


Yes, I do remember seeing your previous comments about using CFQUERYPARAM to
preserve single quotes...but I could never get that to test out. Do you have
a resource to share? Maybe this is just another Access anomaly...

Anyway, here's some test code I ran (CFMX/Access) before sending my last
post...

<cfset variables.showLabel = "abc's">
<cfquery datasource="test">
  UPDATE foo
  SET showLabel = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#trim(PreserveSingleQuotes(showLabel))#" />
  where foo_id = 1
</cfquery>

...foo is now abc's in the database, which is what we want.

But when I change the CFQUERYPARAM tag to <cfqueryparam
cfsqltype="cf_sql_varchar" value="#trim(HTMLEditFormat(showLabel))#" />

...foo becomes abc''s in the database

If I change the CFQUERYPARAM tag again to <cfqueryparam
cfsqltype="cf_sql_varchar" value="#trim(showLabel)#" />

foo is still abc''s
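
The behaviour described in the quoted reply (a bound parameter needs no escaping, and escaping the value beforehand stores the doubled quote) can be checked in isolation. This is an added example, not part of the original post: it uses Python's sqlite3 as a stand-in for CFMX/Access, and the helper names are hypothetical; only the table and column names mirror the test code above.

```python
import sqlite3


def sql_escape(value):
    """Manual escaping for a string literal inlined into SQL text."""
    return value.replace("'", "''")


def store_and_read(label):
    """Store `label` three ways and return {foo_id: stored value}."""
    conn = sqlite3.connect(":memory:")  # constructed in-memory test table
    conn.execute("CREATE TABLE foo (foo_id INTEGER PRIMARY KEY, showLabel TEXT)")
    conn.executemany("INSERT INTO foo (foo_id) VALUES (?)", [(1,), (2,), (3,)])

    # 1. Bound parameter, raw value: the driver passes the value separately
    #    from the SQL text, so the quote is stored as-is.
    conn.execute("UPDATE foo SET showLabel = ? WHERE foo_id = 1", (label,))

    # 2. Bound parameter, value escaped beforehand: the doubled quote is
    #    data now, so it is stored literally.
    conn.execute("UPDATE foo SET showLabel = ? WHERE foo_id = 2",
                 (sql_escape(label),))

    # 3. Value inlined into the SQL text (shown only for contrast): escaping
    #    is required here, and the SQL parser collapses '' back to '.
    conn.execute("UPDATE foo SET showLabel = '%s' WHERE foo_id = 3"
                 % sql_escape(label))

    rows = conn.execute("SELECT foo_id, showLabel FROM foo").fetchall()
    conn.close()
    return dict(rows)


def inlined_unescaped_fails(label):
    """True if inlining the raw value breaks the statement."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (foo_id INTEGER PRIMARY KEY, showLabel TEXT)")
    try:
        conn.execute("UPDATE foo SET showLabel = '%s' WHERE foo_id = 1" % label)
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    print(store_and_read("abc's"))
    print(inlined_unescaped_fails("abc's"))
```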



