This also happens if you pass a complex var inside a cfquery, like
Foo["Goo"]. CF's "auto escape" logic won't catch it. Solution - simply
make a temp var outside the cfquery.
Original:
> <cfset myString="what's the problem?">
>
> <CFQUERY name="myQuery" datasource="myDSN">
> INSERT INTO Table (Message)
> VALUES ('#myFunction(myString)#')
> </CFQUERY>
Modified:
> <cfset myString=myFunction("what's the problem?")>
>
> <CFQUERY name="myQuery" datasource="myDSN">
> INSERT INTO Table (Message)
> VALUES ('#myString#')
> </CFQUERY>
=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : [EMAIL PROTECTED]
Yahoo IM : morpheus
"My ally is the Force, and a powerful ally it is." - Yoda
> -----Original Message-----
> From: Jamie Jackson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 29, 2001 3:52 PM
> To: CF-Talk
> Subject: Problems with User Defined Functions within <CFQUERY> SQL
>
>
> I'm having problems using User Defined Function calls within <CFQUERY>
> if the function returns any single quotes. I've included code and the
> resultant debug output. Note that single quotes are improperly escaped
> in the SQL.
>
> What's the solution?
>
> Code follows...
>
> Thanks,
> Jamie
>
> ####### CODE ########
> <cfset myString="what's the problem?">
>
> <CFQUERY name="myQuery" datasource="myDSN">
> INSERT INTO Table (Message)
> VALUES ('#myFunction(myString)#')
> </CFQUERY>
>
> <cfscript>
> // function that does nothing
> function myFunction(str) {
> return str;
> }
> </cfscript>
>
> ###### DEBUG OUTPUT #######
> SQL = "INSERT INTO Table (Message)
> VALUES ('what''''s the problem?')"
> ^^^^Problem SQL
>
> ###### COMMENTS ######
> If I remove the function call ("myFunction") within the <CFQUERY>,
> note that the SQL works as intended, with the resulting VALUE line as
> follows:
>
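
Added example, not part of either message in this thread: the same INSERT with the UDF result and a struct member such as Foo["Goo"] passed through `<cfqueryparam>`, so each value is sent as a bound parameter and the statement does not depend on how CF escapes single quotes in `#...#` output. The datasource, table and column names are the ones used in the thread; the contents of `Foo` and the `maxlength` of 255 are assumptions made for illustration.

```cfml
<cfscript>
// Same no-op UDF as in the thread: returns its argument unchanged.
function myFunction(str) {
    return str;
}

// Constructed sample data for the "complex var" case (Foo["Goo"]).
Foo = StructNew();
Foo["Goo"] = "it's a struct member";
</cfscript>

<cfset myString = "what's the problem?">

<!--- UDF result bound as a parameter. There are no quote characters
      around the value in the SQL text, so nothing needs escaping. --->
<cfquery name="myQuery" datasource="myDSN">
    INSERT INTO Table (Message)
    VALUES (
        <cfqueryparam value="#myFunction(myString)#"
                      cfsqltype="CF_SQL_VARCHAR"
                      maxlength="255">
    )
</cfquery>

<!--- Struct member bound the same way, without a temp variable.
      maxlength (assumed column size) rejects oversized input
      before the statement is sent to the database. --->
<cfquery name="myQuery2" datasource="myDSN">
    INSERT INTO Table (Message)
    VALUES (
        <cfqueryparam value="#Foo['Goo']#"
                      cfsqltype="CF_SQL_VARCHAR"
                      maxlength="255">
    )
</cfquery>
```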