Personally I've never used the CFQueryparam tag, but surely the query should
read,
<cfquery name="contacts" datasource="Contacts" >
SELECT ID, FirstName, LastName, JobTitle,BusinessPhone FROM exoduscontacts
WHERE
LastName like '%#form.what#%' ORDER BY LastName ASC
</cfquery>
Jason Lees
E-Mail:[EMAIL PROTECTED]
-----Original Message-----
From: Thomas Chiverton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 05, 2001 1:55 PM
To: CF-Talk
Subject: Oddness with cfqueryparam
cfqueryparam doesn't seem to be doing as expected:
<cfquery name="contacts" datasource="Contacts" >
SELECT ID, FirstName, LastName, JobTitle,BusinessPhone FROM exoduscontacts
WHERE
LastName like '%<cfqueryparam value="form.what">%' ORDER BY LastName ASC
</cfquery>
Debugging shows
Form Fields:</B>
FIELDNAMES=WHAT
WHAT=ch
and the query as
SQL =
SELECT ID, FirstName, LastName, JobTitle,BusinessPhone FROM exoduscontacts
WHERE
LastName like '%?%' ORDER BY LastName ASC
What gives? Shouldn't cfqueryparam sanitise the string (for " and ; etc.)?
Regards,
Thomas Chiverton,
Intranet Architect and Desktop Analyst
Office: 01565 757 909
As a GUI, reality in useless...
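An added example, not from either poster: it uses Python's sqlite3 as a stand-in for the ColdFusion datasource (an assumption; table and column names come from the thread, the rows are constructed) to show why the `'%?%'` in the debugging output binds nothing, and how the search behaves once the placeholder stands alone and the wildcards travel in the bound value. In cfqueryparam terms, the last form corresponds to putting the `%` signs and `#form.what#` inside the tag's value attribute instead of wrapping the tag in quotes.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query in the thread.
ROWS = [(1, "Chiverton"), (2, "Lees"), (3, "Birch"), (4, "O'Chaney")]
SELECT = "SELECT LastName FROM exoduscontacts WHERE LastName LIKE "
ORDER = " ORDER BY LastName ASC"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE exoduscontacts (ID INTEGER, LastName TEXT)")
    db.executemany("INSERT INTO exoduscontacts VALUES (?, ?)", ROWS)
    return db

def search_quoted_placeholder(db, what):
    # As in the debug output: the ? sits inside a string literal, so the
    # statement has zero bind parameters and the pattern is the text %?%.
    sql = SELECT + "'%?%'" + ORDER
    try:
        db.execute(sql, (what,))
        bound = True
    except sqlite3.ProgrammingError:
        bound = False  # sqlite3 refuses a binding the statement cannot use
    # Run it unbound to see what the statement really matches.
    return bound, [r[0] for r in db.execute(sql)]

def search_interpolated(db, what):
    # String building, as in the reply: the input becomes part of the SQL text.
    sql = SELECT + "'%" + what + "%'" + ORDER
    try:
        return [r[0] for r in db.execute(sql)]
    except sqlite3.Error as exc:
        return "sql error: " + str(exc)

def search_bound(db, what):
    # The placeholder stands alone; wildcards are part of the bound value,
    # so quotes in the input are data and never reach the SQL parser.
    sql = SELECT + "?" + ORDER
    return [r[0] for r in db.execute(sql, ("%" + what + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(search_quoted_placeholder(db, "ch"))
    print(search_interpolated(db, "O'C"))
    print(search_bound(db, "O'C"))
```

How a driver reports an unusable binding varies; sqlite3 raises an error, while other drivers may silently run the literal pattern.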