Right, I am switching everything to <cfqueryparam> as I read about SQL injection.

Do you see my "Invalid CFML construct found on line 22 at column 120." above though? I still don't.

-Jason


>if you're going to be generating your SQL like that, you'll need to wrap
>your final variable in preserveSingleQuotes().
>
>so...
>
><cfquery name="addpersonaleventtome" datasource="cf_WikiData">
>     #preserveSingleQuotes(sqlToRun)#
></cfquery>
>
>it will be pointed out to you (possibly before I even finish composing this
>response), that you are leaving yourself open to SQL injection attacks by
>not using <cfqueryparam>.  Hopefully you're at least taking other steps to
>sanitize the inputs :)
>
>On Sun, Jun 28, 2009 at 11:23 AM, Jas
>
>> 

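The two patterns discussed in this thread side by side, as an added example that is not code from either poster: the dynamic-SQL version that needs preserveSingleQuotes(), and the <cfqueryparam> version that removes the injection risk. The datasource and query name are the ones from the quoted reply; the table name `personal_events`, its columns, and the URL parameters `url.userID` and `url.eventID` are assumptions made up for the illustration.

```cfml
<!---
    Assumed table for this example (not from the original thread):
    personal_events(user_id INT, event_id INT, note VARCHAR(200))
--->

<!---
    Pattern 1: the dynamic SQL string from the quoted reply.
    The whole statement is assembled as text from request input.
    preserveSingleQuotes() switches off ColdFusion's automatic
    escaping of single quotes inside #...#, so anything an attacker
    puts in url.userID or url.eventID becomes part of the SQL text.
--->
<cfset sqlToRun = "INSERT INTO personal_events (user_id, event_id) VALUES ("
    & url.userID & ", " & url.eventID & ")">

<cfquery name="addpersonaleventtome" datasource="cf_WikiData">
    #preserveSingleQuotes(sqlToRun)#
</cfquery>

<!---
    Pattern 2: the same insert with <cfqueryparam>.
    Each value is sent to the database as a bound parameter, never
    spliced into the SQL text, so it cannot change the statement.
    cf_sql_integer also rejects non-numeric input before the query runs,
    and maxlength bounds the note to the column size.
--->
<cfquery name="addpersonaleventtome" datasource="cf_WikiData">
    INSERT INTO personal_events (user_id, event_id, note)
    VALUES (
        <cfqueryparam value="#url.userID#"  cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#url.eventID#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#form.note#"   cfsqltype="cf_sql_varchar" maxlength="200">
    )
</cfquery>

<!---
    Reading back with a bound WHERE clause. The SQL keywords, table and
    column names stay literal in the tag body; only the values are bound.
    preserveSingleQuotes() is no longer needed anywhere.
--->
<cfquery name="myEvents" datasource="cf_WikiData">
    SELECT event_id, note
    FROM   personal_events
    WHERE  user_id = <cfqueryparam value="#url.userID#" cfsqltype="cf_sql_integer">
</cfquery>
```

The design point is that <cfqueryparam> separates the SQL program from its data at the driver level, so there is nothing left for preserveSingleQuotes() to preserve; if a column or table name must vary at runtime, choose it from a fixed list in CFML rather than taking it from the request, because bound parameters cannot be used for identifiers.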
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324029
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
