> Therefore, if you follow best security practices as recommended by Macromedia (everyone does, right?) then the question of auto-escaping single quotes within CFQUERY is a non-issue. If you're not following best security practices, well...

I'd like to use cfqueryparam, however, I'm composing where clauses and order clauses outside the body of the query tag. I thought that maybe I could evaluate the queryparam in a string, but that doesn't seem to be feasible. The only solution I've had suggested is to write the whole thing out to a file and then cfinclude it (urghh).

Jon.
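
One way to keep cfqueryparam while assembling the WHERE and ORDER BY clauses elsewhere, shown as an added example that is not part of the original post: collect the filters as data and emit the SQL only inside the cfquery body. The table, column, form/url field and datasource names are assumptions.

```cfml
<!--- Added example. Table, column, form/url field and datasource names are assumptions. --->

<!--- Whitelist of columns that may be filtered or sorted on, mapped to their SQL type. --->
<cfset allowedCols = StructNew()>
<cfset allowedCols["last_name"] = "CF_SQL_VARCHAR">
<cfset allowedCols["dept_id"] = "CF_SQL_INTEGER">

<!--- Built outside the query: filters are stored as data (column + value), never as SQL text. --->
<cfset filters = ArrayNew(1)>
<cfloop collection="#allowedCols#" item="colName">
  <cfif StructKeyExists(form, colName) AND Len(Trim(form[colName]))>
    <cfset filter = StructNew()>
    <cfset filter.col = colName>
    <cfset filter.val = Trim(form[colName])>
    <cfset ok = ArrayAppend(filters, filter)>
  </cfif>
</cfloop>

<!--- ORDER BY cannot be bound as a parameter, so accept only a whitelisted column name. --->
<cfset sortCol = "last_name">
<cfif StructKeyExists(url, "sort") AND StructKeyExists(allowedCols, url.sort)>
  <cfset sortCol = LCase(url.sort)>
</cfif>

<!--- The SQL text is produced only here; every user-supplied value goes through cfqueryparam. --->
<cfquery name="getEmployees" datasource="#request.dsn#">
  SELECT emp_id, last_name, dept_id
  FROM employees
  WHERE 1 = 1
  <cfloop index="i" from="1" to="#ArrayLen(filters)#">
    <cfset filter = filters[i]>
    AND #filter.col# = <cfqueryparam value="#filter.val#" cfsqltype="#allowedCols[filter.col]#">
  </cfloop>
  ORDER BY #sortCol#
</cfquery>
```

Column names reach the SQL only from the whitelist keys, and a value that does not match its declared cfsqltype makes cfqueryparam raise an error instead of reaching the database.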

