Patrick Forsythe wrote:
>
> <cfquery datasource="#db#" name="session.searchresults" >
> #preservesinglequotes(querystring)#
> </cfquery>

Try to find a way to avoid putting your SQL query into a variable, then you can use cfqueryparam and avoid the use of PreserveSingleQuotes, and you'll make security auditors happy. And you won't have to worry about whether or not the field has a single quote or not.

Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259099
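
The approach suggested in the reply, as an added example that is not part of the original thread: the optional search clauses are assembled inside the cfquery tag with cfif, so every user-supplied value can go through cfqueryparam. The table, column and form field names are hypothetical; only the datasource variable and query name come from the quoted code.

```cfml
<!--- Added example. Table, column and form field names are hypothetical. --->
<cfparam name="form.lastname" default="">
<cfparam name="form.city" default="">
<cfparam name="form.statusids" default="">
<cfparam name="form.sortby" default="lastname">

<!--- Identifiers cannot be bound as parameters, so the sort column
      is checked against a fixed list instead. --->
<cfif NOT ListFindNoCase("lastname,city", form.sortby)>
  <cfset form.sortby = "lastname">
</cfif>

<cfquery datasource="#db#" name="session.searchresults">
  SELECT customerid, lastname, city
  FROM customers
  WHERE 1 = 1
  <cfif Len(Trim(form.lastname))>
    <!--- A value such as O'Brien is sent as a bound parameter,
          so its quote never becomes part of the SQL text. --->
    AND lastname LIKE <cfqueryparam value="#Trim(form.lastname)#%"
                                    cfsqltype="cf_sql_varchar" maxlength="51">
  </cfif>
  <cfif Len(Trim(form.city))>
    AND city = <cfqueryparam value="#Trim(form.city)#"
                             cfsqltype="cf_sql_varchar" maxlength="50">
  </cfif>
  <cfif Len(form.statusids)>
    <!--- list="true" binds each element separately; a non-integer
          element fails validation before the query is sent. --->
    AND statusid IN (<cfqueryparam value="#form.statusids#"
                                   cfsqltype="cf_sql_integer" list="true">)
  </cfif>
  ORDER BY #form.sortby#
</cfquery>
```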

