Don't know at all if this is better, but dealing with the Italian language brings this issue to the fore. I've managed it so far by replacing the ' with its HTML entity before running the SQL, example:

    strTitle = Replace(strTitle,"'","&##39;","all");

But I'm open to a "better" idea myself, especially looking ahead to RIA's :)

BTW: I don't know for sure if this is true:

"Normally, as we all know, when CF encounters a string variable output between <cfquery> tags, it automagically escapes any single quotes inside the value."

I had to rework an app the other day that had no CFCs and the apostrophes were throwing errors in the SQL (CFMX). But as usual, I head for the first solution that works and leave aside detailed analysis. So I haven't scoped the problem or possible solutions out very thoroughly.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Davis, Eric
Sent: Monday, December 29, 2003 5:37 PM
To: [EMAIL PROTECTED]
Subject: [CFCDev] Accessors, SQL, and quotes

Surprisingly, I haven't yet had to deal with apostrophes in the string-typed members of my components; I'll need a pointer or two.

Normally, as we all know, when CF encounters a string variable output between <cfquery> tags, it automagically escapes any single quotes inside the value. When accessing the value via a method, this is not the case:

    <cfcomponent>
      <cfset variables.noquote = "no quotes in here" />
      <cfset variables.quoted = "check out 'these' quotes" />
      <!--- imagine getters and setters for both of the above --->
      <cffunction name="testQuotes">
        <cfquery name="sqTest" datasource="myDSN">
          INSERT INTO myTable (noquotes, quotes)
          VALUES ('#getNoQuotes()#', '#getQuotes()#')
        </cfquery>
      </cffunction>
    </cfcomponent>

Yields, in the SQL (according to the debug output and the error received):

    INSERT INTO myTable(noquotes, quotes) VALUES ('no quotes in here', 'check out 'these' quotes')

In cases of nested collections -- getDiners()[i].getName() , where name yields "Joe's Restaurant" -- I can't just change the access to my internal variable (not that I want to).

Will I have to edit all the SQL output of every accessor to escape the quotes or is there a better way you folks can think of to prevent these errors?

TIA,
ecd.

--
Eric C. Davis
Programmer/Analyst I
Georgia Department of Transportation
Office of I.T. Applications
Web Applications Group
404.463.2860.199
[EMAIL PROTECTED]

----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.

CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).

An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
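An added example, not part of the original thread or either poster's code: the component from the question with the INSERT rewritten to pass the accessor results through cfqueryparam, so each value reaches the driver as a bound parameter and an apostrophe in it cannot end the SQL string literal. The getter bodies and the maxlength values are assumptions, since the original message only says to imagine the accessors and does not give the column sizes.

```cfml
<cfcomponent>
  <cfset variables.noquote = "no quotes in here" />
  <cfset variables.quoted = "check out 'these' quotes" />

  <!--- assumed getter bodies; the original post leaves them to the reader --->
  <cffunction name="getNoQuotes" access="public" returntype="string" output="false">
    <cfreturn variables.noquote />
  </cffunction>

  <cffunction name="getQuotes" access="public" returntype="string" output="false">
    <cfreturn variables.quoted />
  </cffunction>

  <cffunction name="testQuotes" access="public" returntype="void" output="false">
    <!--- keep the query result local to this method call --->
    <cfset var sqTest = "" />

    <!---
      No quote characters are written around the values and no escaping
      is done by hand: cfqueryparam sends each value separately from the
      SQL text, so 'these' and "Joe's Restaurant" are stored unchanged.
      maxlength (assumed column size) rejects oversized input before the
      statement is sent to the database.
    --->
    <cfquery name="sqTest" datasource="myDSN">
      INSERT INTO myTable (noquotes, quotes)
      VALUES (
        <cfqueryparam value="#getNoQuotes()#" cfsqltype="cf_sql_varchar" maxlength="255" />,
        <cfqueryparam value="#getQuotes()#" cfsqltype="cf_sql_varchar" maxlength="255" />
      )
    </cfquery>
  </cffunction>
</cfcomponent>
```

Because the value is bound rather than rewritten, the stored text stays identical to what the accessor returned, and the same pattern works for any expression placed in the value attribute.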
