Re: CF5 adding extra quote marks to cfquery

[eric . laney]

ColdFusion is protecting what it believes to be data by escaping your quote
marks.  If you were trying to insert values into the database with dynamic
CF code, you'd need this functionality to make sure all the data got to the
right place.  CF has no way to automatically know which one you're trying
to do.

Use the PreserveSingleQuotes() function to prevent this behavior.
|-----------------+-------------------------------------------------------|
|Eric A. Laney    |"Sure, 90% of all software is crap. That's because 90% |
|Systems Engineer |of everything is crap."                                |
|LAN Optimization |                                                       |
|Team             |                                                       |
|Voice:           |                - Mary Shaw, Carnegie-Mellon University|
|813.978.4404     |                                                       |
|Pager:           |                                                       |
|888.985.8519     |                                                       |
|-----------------+-------------------------------------------------------|





                                                                                       
                                            
                    "Thomas Chiverton"                                                 
                                            
                    <thomas.chiverton@e        To:     CF-Talk 
<[EMAIL PROTECTED]>                                         
                    xodus.net>                 cc:                                     
                                            
                                               Subject:     CF5 adding extra quote 
marks to cfquery                                
                    08/01/2001 06:22 AM                                                
                                            
                    Please respond to                                                  
                                            
                    cf-talk                                                            
                                            
                                                                                       
                                            
                                                                                       
                                            




I'm playing with some UDF's, and have this section of code
--
<cfoutput>
where:<br>
#MakeWhereClause(CreateRecordID( qQuery))#
</cfoutput>

<cfquery name="qDoesit" datasource="#request.dbname#">
select * from actuals where #MakeWhereClause(CreateRecordID( qQuery))#
</cfquery>
--
This produces:
--
where:
dateid='04-Jan-01' and gcljobno=200140206 and taskid='GCL001' and
starttime='09:00' and resourceid='tchiverton'
--
Then the error:
--
ODBC Error Code = S1000 (General error)
[Oracle][ODBC][Ora]ORA-00933: SQL command not properly ended
SQL = "select * from actuals where dateid=''04-Jan-01'' and
gcljobno=200140206 and taskid=''GCL001'' and starttime=''09:00'' and
resourceid=''tchiverton''"
--

So although my MakeWhere UDF is returning a correctly escaped SQL string,
when it goes inside the cfquery, and does the same bit of code, CF seems to
be adding extra quote marks.

Is this known behaviour ? Any way to run it off ? Other pleas for help
appreciated ? :-)

Regards,

Thomas Chiverton
Intranet Architect
01565 757 909
Another fine development by Boring Sigs Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists