Sounds like a good place to use cfqueryparam with type="cf_sql_varchar" for strings or
type="cf_sql_numeric" for numbers.
Chris Norloff
---------- Original Message ----------------------------------
from: "Wurst, Keith D." <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
date: Wed, 3 Jul 2002 09:54:35 -0400
>Hi everyone. I'm having some trouble with single quotes. I'm trying to build
>a dynamic sql query. The code is below. The problem is occurring when I try
>to put single quotes around the variable prop_id. Even when I do the
>replace, when I place the var. inside the sql statement the single quotes
>appear as double quotes and the query blows up. Any help is greatly
>appreciated. Thanks very much.
>Keith
>
>
><cfset county = "0">
><cfloop query="get_investigator">
><cfif county eq "0">
><cfset prop_next = "prop_id = |#get_investigator.prop_id#|">
><cfelse>
><cfset prop_next = "#prop_next# or prop_id = |#get_investigator.prop_id#|">
></cfif>
><cfset county = county + 1>
></cfloop>
>
><cfset prop_next = replace("#prop_next#", "|", "'", "all")>
>
><cfquery name="get_proposal" datasource="#datasource#">
>select * from tbl_proposal_master
>where
>(#prop_next#)
>and fice = #session.fice#
><cfif session.usertype eq "a">
>and
>(tbl_user.type = 'a' or (tbl_user.type = 'f' and
>tbl_proposal_master.submitted = 1))
><cfelse>
>and
>created_by = '#session.username#'
></cfif>
>order by prop_id
></cfquery>
>
______________________________________________________________________
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
