Make sure to use PreserveSingleQuotes() IN the query -- not in defining the
string ...
i.e.
WhereString = Preservesinglequotes("userID = 'foo' ")
SELECT blah
FROM yuk
WHERE #whereString#
is WRONG
------------
WhereString = "userID = 'foo' "
SELECT blah
FROM yuk
WHERE #Preservesinglequotes(whereString)#
is RIGHT
-------------
Personally, since I discovered cfqueryparam, I've been rewriting all code where I
used these techniques, because I prefer all the extra benefits of
CFQUERYPARAM (protection from SQL Injection, improved execution plans on the
SQL Server). I had to move a lot of decision code back into my CFQUERY, but
I think it's worth it.
-----Original Message-----
From: Qasim Rasheed
Sent: Thursday, September 11, 2003 2:36 PM
To: CF-Talk
Subject: RE: Misbehaving query
Hello,
You can use the PreserveSingleQuotes() function
-----Original Message-----
From: Sparrow-Hood, Walter
Sent: Thursday, September 11, 2003 5:26 PM
To: CF-Talk
Subject: Misbehaving query
I am trying to dynamically build a query.
I have the following string variable:
WhereString = "userID = 'foo' "
When I do a normal cfoutput #whereString# I get userID = 'foo'
So far, so good == but when I put it in a cfquery such as,
SELECT blah
FROM yuk
WHERE #whereString#
CF ends up passing user="foo" in the SQL string and it obviously throws
an error.
Anybody know how to get around this??
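
Added example, not part of the original thread or written by any of its posters: the string-built WHERE clause from the thread next to the cfqueryparam form the top reply recommends, with the decision logic moved inside the cfquery. The datasource name myDSN, the form fields, and the status and loginCount columns are assumptions made for illustration; the table yuk and the columns blah and userID come from the thread.

```cfml
<!--- Constructed sample input; on a real page these arrive with the request. --->
<cfparam name="form.userID" default="foo">
<cfparam name="form.status" default="">
<cfparam name="form.minLogins" default="">

<!--- BEFORE: the filter is assembled as text and cfquery's escaping is switched off.
      cfquery doubles single quotes found in #variables#, which is what broke the
      original query. PreserveSingleQuotes() disables that doubling for the whole
      string, so a quote inside form.userID is sent to the database as SQL syntax
      rather than as data. --->
<cfset whereString = "userID = '#form.userID#'">
<cfquery name="qBefore" datasource="myDSN">
    SELECT blah
    FROM yuk
    WHERE #PreserveSingleQuotes(whereString)#
</cfquery>

<!--- AFTER: the SQL text is fixed at authoring time. Each optional filter is a
      cfif inside the query, and every value travels as a typed bind parameter,
      so no request data is ever concatenated into the statement. --->
<cfquery name="qAfter" datasource="myDSN">
    SELECT blah
    FROM yuk
    WHERE 1 = 1
    <cfif len(trim(form.userID))>
        AND userID = <cfqueryparam value="#form.userID#"
                                   cfsqltype="cf_sql_varchar" maxlength="50">
    </cfif>
    <cfif len(trim(form.status))>
        AND status = <cfqueryparam value="#form.status#"
                                   cfsqltype="cf_sql_varchar" maxlength="20">
    </cfif>
    <cfif isValid("integer", form.minLogins)>
        AND loginCount >= <cfqueryparam value="#form.minLogins#"
                                        cfsqltype="cf_sql_integer">
    </cfif>
</cfquery>

<cfoutput>#qAfter.recordCount# row(s) matched</cfoutput>
```

Because the statement text no longer changes with the input, the database can also reuse its execution plan across requests, which is the second benefit mentioned in the reply.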