Your response was far too slow. Next time, please email your response
before I post my question ;-)
Thanks for confirming the behavior and the solution. I have already
been using the workaround you recommend, so I'll just continue to do
so.
Thanks,
Jamie
On Thu, 29 Nov 2001 16:00:11 -0500, in cf-talk you wrote:
>This also happens if you pass a complex var inside a cfquery, like
>Foo["Goo"]. CF's "auto escape" logic won't catch it. Solution - simply
>make a temp var outside the cfquery.
>
>Original:
>
>> <cfset myString="what's the problem?">
>>
>> <CFQUERY name="myQuery" datasource="myDSN">
>> INSERT INTO Table (Message)
>> VALUES ('#myFunction(myString)#')
>> </CFQUERY>
>
>Modified:
>
>> <cfset myString=myFunction("what's the problem?")>
>>
>> <CFQUERY name="myQuery" datasource="myDSN">
>> INSERT INTO Table (Message)
>> VALUES ('#myString#')
>> </CFQUERY>
>>====================================================================
>Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
>
>Email : [EMAIL PROTECTED]
>Yahoo IM : morpheus
>
>"My ally is the Force, and a powerful ally it is." - Yoda
>
>> -----Original Message-----
>> From: Jamie Jackson [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, November 29, 2001 3:52 PM
>> To: CF-Talk
>> Subject: Problems with User Defined Functions within <CFQUERY> SQL
>>
>>
>> I'm having problems using User Defined Function calls within <CFQUERY>
>> if the function returns any single quotes. I've included code and the
>> resultant debug output. Note that single quotes are improperly escaped
>> in the SQL.
>>
>> What's the solution?
>>
>> Code follows...
>>
>> Thanks,
>> Jamie
>>
>> ####### CODE ########
>> <cfset myString="what's the problem?">
>>
>> <CFQUERY name="myQuery" datasource="myDSN">
>> INSERT INTO Table (Message)
>> VALUES ('#myFunction(myString)#')
>> </CFQUERY>
>>
>> <cfscript>
>> // function that does nothing
>> function myFunction(str) {
>> return str;
>> }
>> </cfscript>
>>
>> ###### DEBUG OUTPUT #######
>> SQL = "INSERT INTO Table (Message)
>> VALUES ('what''''s the problem?')"
>> ^^^^Problem SQL
>>
>> ###### COMMENTS ######
>> If I remove the function call ("myFunction") within the <CFQUERY>,
>> note that the SQL works as intended, with the resulting VALUE line as
>> follows:
>>
>
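Added example, not part of the original thread: the same INSERT with the value bound through `<cfqueryparam>`, so a single quote in a function result or struct member is passed to the driver as data and never depends on how `<CFQUERY>` escapes interpolated text. `myDSN`, `Table`, `Message` and `myFunction` are the thread's placeholder names; the `msgs` struct, its contents and the query name `myQuery2` are constructed for illustration.

```cfml
<!--- Added example: placeholder names come from the thread;
      the msgs struct is constructed sample data. --->
<cfscript>
// Same pass-through UDF as in the thread
function myFunction(str) {
    return str;
}
</cfscript>

<cfset myString = "what's the problem?">

<!--- A "complex var" of the kind the reply mentions (Foo["Goo"]) --->
<cfset msgs = StructNew()>
<cfset msgs["Goo"] = "it's a struct member">

<!--- Function result bound as a parameter: the quote in the
      returned string is not part of the SQL statement text --->
<cfquery name="myQuery" datasource="myDSN">
    INSERT INTO Table (Message)
    VALUES (
        <cfqueryparam value="#myFunction(myString)#"
                      cfsqltype="CF_SQL_VARCHAR">
    )
</cfquery>

<!--- Struct member bound the same way; no temp variable needed --->
<cfquery name="myQuery2" datasource="myDSN">
    INSERT INTO Table (Message)
    VALUES (
        <cfqueryparam value="#msgs['Goo']#"
                      cfsqltype="CF_SQL_VARCHAR">
    )
</cfquery>
```

Note that the bound value is written without surrounding single quotes in the SQL; the parameter marker replaces the whole quoted literal.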