Azadi,

Excellent tip - and another item to add to the arsenal against SQL injection :)


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Azadi Saryev [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 9:01 PM
To: CF-Talk
Subject: Re: Dealing with MySQL escape sequences

you can run MySQL in NO_BACKSLASH_ESCAPES mode: see chapter 5.2.6 in MySQL
ref manual

there's more in the Appendixes:

This SQL mode also can be enabled automatically when the server starts by
using the command-line option --sql-mode=NO_BACKSLASH_ESCAPES or by setting
sql-mode=NO_BACKSLASH_ESCAPES in the server option file (for example, my.cnf
or my.ini, depending on your system).

there appears to be no jdbc connector option to change this behaviour, so
have to do in server config/start...

hth

Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/



Jim McAtee wrote:
> I ran into a problem inserting records into a MySQL 5.0 database when 
> there's a backslash as the final character of a string value.  I never 
> noticed this until I began working with some randomly generated 
> character strings.
>
> INSERT INTO users (
>   name,
>   email,
>   username,
>   salt,
>   password
>   )
> VALUES (
>    'Cindy Smith',
>   '[EMAIL PROTECTED]',
>   'cindysmith',
>   'd}\',
>   'c9a96937d248c0f192ff217a72935cdd'
>   )
>
> The workaround is to either encapsulate the value in a <cfqueryparam> 
> tag or to escape the backslashes with \\.  But I also realize that 
> there are any number of places where this could crop up in existing 
> code.  Is this a bug in CF8's handling of these strings for MySQL?  I 
> would have thought it would escape them transparently.
>
> Is there a better workaround? 
>
>   
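
Added example, not part of the thread and not MySQL's own code: a simplified Python model of how the server reads single-quoted literals, showing why the quoted INSERT breaks in the default mode and parses under NO_BACKSLASH_ESCAPES. The function names and the shortened statement are constructed for illustration.

```python
# Simplified model of MySQL single-quoted literal scanning (assumption: only
# the common escapes are modelled; character-set details are ignored).
ESCAPES = {"0": "\0", "b": "\b", "n": "\n", "r": "\r", "t": "\t",
           "Z": "\x1a", "%": "\\%", "_": "\\_"}

def read_literal(sql, pos, backslash_escapes=True):
    """Read the literal opening at sql[pos]; return (value, index after it)."""
    out, i = [], pos + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and backslash_escapes and i + 1 < len(sql):
            nxt = sql[i + 1]
            out.append(ESCAPES.get(nxt, nxt))  # \' becomes ', \\ becomes \
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")                    # '' is a quote in both modes
            i += 2
        elif ch == "'":
            return "".join(out), i + 1         # closing quote
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal at offset %d" % pos)

def literals(sql, backslash_escapes=True):
    """Return every string literal in sql, in order of appearance."""
    found, i = [], 0
    while i < len(sql):
        if sql[i] == "'":
            value, i = read_literal(sql, i, backslash_escapes)
            found.append(value)
        else:
            i += 1
    return found

def quote(value, backslash_escapes=True):
    """Quote value as a literal that is correct for the given server mode."""
    if backslash_escapes:
        value = value.replace("\\", "\\\\")    # the \\ workaround from the post
    return "'" + value.replace("'", "''") + "'"

# Constructed statement, shortened from the INSERT in the quoted message.
STATEMENT = ("INSERT INTO users (name, salt, password) VALUES "
             "('Cindy Smith', 'd}\\', 'c9a96937d248c0f192ff217a72935cdd')")
```

In the default mode the backslash swallows the closing quote of the salt, so the literal runs on into the next value and the statement ends with an unterminated string; quoting written for one mode is not safe under the other.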




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305394