Hi,

I need to build a SQL update statement dynamically, based on what form
fields are being passed in at a particular time. The database is MS
SQL Server.

Many of the fields are longish text fields, which may have single
quotes within them. I can determine the datatype of each passed field
by looking for a value within the form field name itself. While I can
build the statement as straight SQL, I'd like to use cfqueryparam for
all the usual reasons, including the fact that it will deal with
handling those text fields properly, escaping the single quotes as
necessary.

But this doesn't seem possible, since I have to output the SQL string
in the cfquery statement. I can build the cfqueryparam statements into
the string, but they aren't evaluated.

Is there any way to use cfqueryparam in this situation? And if not,
what is the proper way to escape those single quotes so that I can
leave them within the individual text string?

-- 
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
530 Means St NW, Suite 110
Atlanta, GA 30318
404.589.0560
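
One way to keep cfqueryparam while building the UPDATE dynamically, as an added example that is not part of the original post: the tags are evaluated when they are written inside cfquery, so the loop goes inside the query body instead of into a string. The table `articles`, the key field `form.id`, the datasource variable `request.dsn`, the column names and the `<type>_<column>` field naming (`str_`, `txt_`, `int_`) are all assumptions made for illustration.

```cfml
<!--- Added example. All names below (articles, id, request.dsn, the str_/txt_/int_
      prefixes and the column list) are hypothetical. --->

<!--- Map the type prefix found in the form field name to a cfsqltype. --->
<cfset typeMap = structNew()>
<cfset typeMap["str"] = "cf_sql_varchar">
<cfset typeMap["txt"] = "cf_sql_longvarchar">
<cfset typeMap["int"] = "cf_sql_integer">

<!--- Column names cannot be bound as parameters, so only names on this
      allowlist are ever written into the SQL text. --->
<cfset allowedColumns = "title,body,views">

<!--- Collect the submitted fields that match a known prefix and column. --->
<cfset updates = arrayNew(1)>
<cfloop collection="#form#" item="fieldName">
    <cfset prefix = lCase(listFirst(fieldName, "_"))>
    <cfset pos = listFindNoCase(allowedColumns, listRest(fieldName, "_"))>
    <cfif structKeyExists(typeMap, prefix) AND pos GT 0>
        <cfset item = structNew()>
        <!--- Take the column name from the allowlist, not from the request. --->
        <cfset item.column  = listGetAt(allowedColumns, pos)>
        <cfset item.sqlType = typeMap[prefix]>
        <cfset item.value   = form[fieldName]>
        <cfset arrayAppend(updates, item)>
    </cfif>
</cfloop>

<!--- Only run the statement when at least one column is being set. --->
<cfif arrayLen(updates) GT 0>
    <cfquery name="updateArticle" datasource="#request.dsn#">
        UPDATE articles
        SET
        <cfloop from="1" to="#arrayLen(updates)#" index="i">
            <cfif i GT 1>,</cfif>
            #updates[i].column# = <cfqueryparam value="#updates[i].value#"
                                                cfsqltype="#updates[i].sqlType#">
        </cfloop>
        WHERE id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>
```

Every value, including text containing single quotes, is sent as a bound parameter, so no manual escaping is involved; the only request-derived text that reaches the SQL string is a column name that has already matched the allowlist.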
