Scott: That error usually indicates an error with the query itself, not necessarily an error with the value passed in. For example, you may be missing a comma after the 10th parameter (i.e., the 10th cfqueryparam). Send the SQL code from the debug info and let's see what we can do.
-- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 WWW: http://www.evoch.com/ > -----Original Message----- > From: Scott Stewart [mailto:[EMAIL PROTECTED] > Sent: Friday, August 08, 2008 4:04 PM > To: CF-Talk > Subject: Break from the SQL Injection thread.... weird SQL error > > [Macromedia][SQLServer JDBC Driver][SQLServer]Line 28: Incorrect syntax > near '@P10'. > > I haven't the foggiest idea what's going on here. > > here's the passed in params from the java trace: > > (param 1) = [type='IN', class='java.lang.String', value='Elmer', > sqltype='cf_sql_varchar'] , > (param 2) = [type='IN', class='java.lang.String', value='J', > sqltype='cf_sql_varchar'] , > (param 3) = [type='IN', class='java.lang.String', value='Fudd', > sqltype='cf_sql_varchar'] , > (param 4) = [type='IN', class='java.lang.String', value='000000000', > sqltype='cf_sql_varchar'] , > (param 5) = [type='IN', class='java.lang.String', value='000000000', > sqltype='cf_sql_varchar'] , > (param 6) = [type='IN', class='java.lang.String', value='00000', > sqltype='cf_sql_varchar'] , > (param 7) = [type='IN', class='java.lang.String', > value='[EMAIL PROTECTED]', sqltype='cf_sql_varchar'] , > (param 8) = [type='IN', class='java.lang.String', value='703-555-1212', > sqltype='cf_sql_varchar'] , > (param 9) = [type='IN', class='java.lang.String', value='3120', > sqltype='cf_sql_varchar'] , > (param 10) = [type='IN', class='java.lang.String', value='Academic > Advising', sqltype='cf_sql_varchar'] , > (param 11) = [type='IN', class='java.lang.Boolean', value='false', > sqltype='CF_SQL_BIT'] , > (param 12) = [type='IN', class='java.lang.Boolean', value='false', > sqltype='CF_SQL_BIT'] , > (param 13) = [type='IN', class='java.lang.String', value='Web', > sqltype='cf_sql_varchar'] , > (param 14) = [type='IN', class='java.lang.Boolean', value='true', > sqltype='CF_SQL_BIT'] , > (param 15) = [type='IN', value='null', sqltype='CF_SQL_DATE'] , > (param 16) = [type='IN', class='java.lang.String', value='{d > '2008-08-08'}', sqltype='CF_SQL_DATE'] > > It's just a simple insert, and everything lines up (I think) > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310574 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4