Hi Kevin,

>Anyone have any standard ways of inserting strings into SQL which may or may
>not contain single quotes?

CF will escape any single quotes only if the variable is a simple variable, i.e. a straight text string. If the code is more complex, then you need to set it into a straight text var before you get to the query:

This could fail:

    SQL..WHERE ID = #listGetAt(listvar, pos)#

This should not:

    <cfset tempvar = #listGetAt(listvar, pos)#>
    SQL..WHERE ID = #tempvar#

--
Yours,
Kym
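
An added example, not part of the original message: the same list-element lookup written with cfqueryparam, which passes the value to the query as a parameter instead of relying on automatic quote escaping. It uses an in-memory query of queries so it runs without a datasource; the people query, its columns and the sample list are constructed for illustration.

```cfml
<!--- Constructed sample data: an in-memory query, so no datasource is needed --->
<cfset people = queryNew("id,lastname", "integer,varchar")>
<cfset queryAddRow(people, 2)>
<cfset querySetCell(people, "id", 1, 1)>
<cfset querySetCell(people, "lastname", "O'Brien", 1)>
<cfset querySetCell(people, "id", 2, 2)>
<cfset querySetCell(people, "lastname", "Jones", 2)>

<!--- Constructed input: the second list item contains a single quote --->
<cfset listvar = "Jones,O'Brien">
<cfset pos = 2>

<!--- The expression result goes through cfqueryparam, so the quote in
      O'Brien is treated as data and never becomes part of the SQL text.
      No intermediate simple variable is needed for this form. --->
<cfquery name="match" dbtype="query">
    SELECT id, lastname
    FROM people
    WHERE lastname = <cfqueryparam value="#listGetAt(listvar, pos)#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<cfoutput>#match.recordCount# row(s) matched, id=#match.id#</cfoutput>
```

Against a real database, replace dbtype="query" with the datasource attribute; the cfqueryparam line stays the same.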

