Yeah, so don't forget to do your own SQL injection protection as well.
On Thu, Sep 16, 2010 at 1:54 PM, Rick Root <[email protected]> wrote:
>
> Aside from my trepidations about generating SQL like this because it
> prevents you from using <cfqueryparam>, what you're looking for is
> #preserveSingleQuotes()#
>
> coldfusion automatically escapes any single quotes in variables that
> are within a <cfquery> tag so if your query SQL is a variable
>
> <cfquery ...>
> select blah blah blah
> from blah
> group by blah
> #preserveSingleQuotes(havingClause)#
> </cfquery>
>
> Otherwise, the single quotes get doubled up and you'll get errors.
>
> Rick

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337113
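
The pattern discussed in this thread next to a parameterized form, as an added example that is not part of the original messages. The datasource `myDSN`, the `orders` table, its columns, and the `url.havingOp` / `url.havingValue` parameters are assumptions made for illustration.

```cfml
<!--- Added example; all names below (myDSN, orders, customer_id, total,
      url.havingOp, url.havingValue) are assumed, not from the thread. --->
<cfparam name="url.havingOp" default="gt">
<cfparam name="url.havingValue" default="0">

<!--- Weak form: the HAVING clause is a string built from request input.
      preserveSingleQuotes() switches off ColdFusion's automatic quote
      doubling, so any quote in the input reaches the database as SQL. --->
<cfset havingClause = "HAVING SUM(total) > '#url.havingValue#'">
<cfquery name="qWeak" datasource="myDSN">
    SELECT customer_id, SUM(total) AS order_total
    FROM orders
    GROUP BY customer_id
    #preserveSingleQuotes(havingClause)#
</cfquery>

<!--- Hardened form: the only dynamic SQL text is an operator chosen from
      a fixed list; the operator string never comes from the request. --->
<cfswitch expression="#url.havingOp#">
    <cfcase value="gt"><cfset op = ">"></cfcase>
    <cfcase value="gte"><cfset op = ">="></cfcase>
    <cfcase value="lt"><cfset op = "<"></cfcase>
    <cfcase value="lte"><cfset op = "<="></cfcase>
    <cfcase value="eq"><cfset op = "="></cfcase>
    <cfdefaultcase>
        <cfthrow type="InvalidFilter" message="Unsupported comparison operator.">
    </cfdefaultcase>
</cfswitch>

<!--- Reject non-numeric values before the query runs. --->
<cfif NOT isNumeric(url.havingValue)>
    <cfthrow type="InvalidFilter" message="Filter value must be numeric.">
</cfif>

<!--- The value is bound with cfqueryparam, so it is sent as data and
      preserveSingleQuotes() is not needed at all. --->
<cfquery name="qSafe" datasource="myDSN">
    SELECT customer_id, SUM(total) AS order_total
    FROM orders
    GROUP BY customer_id
    HAVING SUM(total) #op#
        <cfqueryparam value="#url.havingValue#" cfsqltype="cf_sql_decimal" scale="2">
</cfquery>
```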

