Exactly.

.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
http://cf4em.com



-----Original Message-----
From: Peter Boughton [mailto:[email protected]] 
Sent: Saturday, June 25, 2011 9:24 AM
To: cf-talk
Subject: Re: Double Quote issue


Don't build dynamic queries with user-supplied data, unless you like
exposing yourself to SQL injection.

<cfquery name="myQuery" datasource="myDatasource">
SELECT value
FROM table1
WHERE id = <cfqueryparam value="#url.param1#" />
</cfquery>

And url.param1 can contain as many single or double quotes as you like
without causing any SQL issues at all. 
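The point of the reply above, shown as an added example that is not from the original thread or from ColdFusion itself: the same lookup written as a dynamic SQL string and as a bound parameter (Python's `sqlite3` placeholder playing the role of `<cfqueryparam>`), run against a constructed in-memory `table1` so it can be executed offline. Function names, the sample rows and the inputs are all invented for the illustration.

```python
import sqlite3

# Constructed sample data standing in for the post's "table1"
# (hypothetical; not part of the original message).
ROWS = [(1, "alpha"), (2, "beta"), (3, "gamma")]


def make_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (id INTEGER PRIMARY KEY, value TEXT)")
    conn.executemany("INSERT INTO table1 VALUES (?, ?)", ROWS)
    return conn


def lookup_dynamic(conn, param1):
    """Dynamic SQL: param1 is pasted into the statement text, the pattern
    the reply warns against. Quotes in param1 change the query's structure,
    so a stray quote breaks the statement and a crafted one rewrites it."""
    sql = f"SELECT value FROM table1 WHERE id = '{param1}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, param1):
    """Bound parameter, the sqlite3 equivalent of <cfqueryparam>: param1 is
    sent to the engine as data, so any quotes it contains are just
    characters and can never alter the WHERE clause."""
    sql = "SELECT value FROM table1 WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (param1,))]


def demo(param1):
    """Run both forms on the same input and report what each one did."""
    conn = make_db()
    try:
        dynamic = lookup_dynamic(conn, param1)
    except sqlite3.OperationalError as exc:
        # The quote-containing input made the dynamic statement unparseable.
        dynamic = f"SQL error: {exc}"
    parameterized = lookup_parameterized(conn, param1)
    conn.close()
    return {"dynamic": dynamic, "parameterized": parameterized}


if __name__ == "__main__":
    for value in ("2", "O'Reilly", "2' OR '1'='1"):
        print(repr(value), "->", demo(value))
```

For the plain input `2` both forms return the same row. An input containing an apostrophe makes the dynamic statement fail with a syntax error, while the parameterized one simply finds no match. The tautology input makes the dynamic query return every row, whereas the bound parameter compares the whole string as one literal value and again matches nothing; that is exactly the "as many single or double quotes as you like" property the reply describes. In CFML you would normally also give `<cfqueryparam>` a `cfsqltype` (for example `cf_sql_integer` for an id column) so the type is enforced as well as the quoting.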



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345669