I wasn't aware of ColdFusion's XMLformat() function until I leafed through Rob Brooks-Bilson's excellent new ColdFusion book for O'Reilly last weekend. Basically, the function escapes all characters which are illegal in valid XML documents, substituting &apos; for single quotes, &quot; for double quotes and so on.
It seems this function was new to 4.5 - it will save a lot of text handling if you're storing user input in XML documents, but be aware that it also strips out line breaks, so you may want to catch these first:

    // turn line feeds into <br /> markers before escaping
    safexml = replace(form.xml, chr(10), '<br />', 'all');
    // drop carriage returns
    safexml = replace(safexml, chr(13), '', 'all');
    // escape the XML special characters (the <br /> markers are escaped too)
    safexml = xmlformat(safexml);

To see the function in action, try my test page at http://66.28.113.35/users/tom/xmlformattest.cfm

This page accepts your form input, converts it using XMLformat(), creates a small XML string from the converted input, and attempts to parse it with MSXML 3. I haven't managed to make it fail yet...

Tom

tom dyson
http://torchbox.com
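
The check the test page performs, as an added example that is not part of Tom's post: it builds a small XML string from constructed input with and without the escaping steps and asks the parser whether each is well-formed. It assumes a current CFML engine with isXML(), xmlParse() and encodeForHTML() in place of MSXML 3; toSafeXml, buildEntry and the sample input are hypothetical.

```cfml
<cfscript>
// Added example; function and variable names are hypothetical.
// Same order as the post: line breaks become <br /> markers, then xmlFormat() escapes the result.
function toSafeXml(required string raw) {
    var s = replace(arguments.raw, chr(10), "<br />", "all");
    s = replace(s, chr(13), "", "all");
    return xmlFormat(s);
}

// Wrap a value in the small document used for the comparison.
function buildEntry(required string body) {
    return "<entry><comment>" & arguments.body & "</comment></entry>";
}

// Constructed sample input: both quote styles, <, &, markup-like text and a CRLF line break.
userInput = 'Tom''s price < 10 & "quoted" <b>bold</b>' & chr(13) & chr(10) & "second line";

rawXml  = buildEntry(userInput);             // input concatenated as-is
safeXml = buildEntry(toSafeXml(userInput));  // input escaped first

// Ask the parser whether each string is a well-formed document.
writeOutput("well-formed without escaping: " & isXML(rawXml) & "<br>");
writeOutput("well-formed with escaping: " & isXML(safeXml) & "<br>");

// Parse the escaped version and inspect what the parser sees inside <comment>.
doc = xmlParse(safeXml);
writeOutput("elements inside comment: " & arrayLen(doc.entry.comment.xmlChildren) & "<br>");

// The parser hands the value back as text; HTML-encode it so the browser shows it literally.
writeOutput("stored text: " & encodeForHTML(doc.entry.comment.xmlText));
</cfscript>
```

The text read back still contains the literal <br /> markers, so whatever displays it later has to decide how to turn them back into line breaks.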
