What's your "standard escape method"?

I'd recommend using cfqueryparam.
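<!--- cfqueryparam binds the value, so it is not wrapped in SQL single quotes --->
SELECT * FROM TABLE WHERE fieldname=<cfqueryparam cfsqltype="cf_sql_varchar"
value="<ahref=""javascript('='10')""> hot java</a>">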




-----Original Message-----
From: Dustin Snell [Unisyn Software] [mailto:[EMAIL PROTECTED] 
Sent: Friday, 28 February 2003 11:58 a.m.
To: CF-Talk
Subject: mixed quotes in SQL statement

Hello, does anyone know how to include mixed (single and double) quotes in a
text value in a SQL query?  The standard escape method doesn't seem to work
here.  For example (text shown is the literal text we want to use and of
course does not work in its current form because of the single quote):

SELECT * FROM TABLE WHERE fieldname='<ahref="javascript('='10')"> hot java
</a>'

Any ideas on how one would make this query work?

Thanks!

Dustin Snell
Unisyn Software, LLC


