I've seen this behaviour on occasion.  It seems to happen when a
complex variable dereference happens.  I'm not sure of the specifics
for replicating it, but it does happen sometimes.  If you use
CFQUERYPARAM, you won't have this problem, because it doesn't do any
SQL escaping, it passes the data in a different (faster and more
secure) manner.

cheers,
barneyb

On 4/26/05, Cliff Meyers <[EMAIL PROTECTED]> wrote:
> I experienced some unexpected behavior today while I was troubleshooting an
> error in one of my first Mach-II apps.  I was using a "bean" CFC to store
> data from a form and then insert it into an Oracle database.  Inside my
> CFQUERY block, I was using a method such as this...
> 
> event.getArg("SurveyForm").getComment1()
> 
> to insert text into the DB.  I found out that when outputting the CFC
> inside CFQUERY (as shown above, wrapped in ## naturally)  that the single
> quotes in the text to be inserted weren't being escaped... thus causing
> the Oracle DB syntax error.
> 
> Has anyone else run into this, or have any ideas of what might be going
> wrong?  In the future to be safe I suppose I might just dump all the
> arguments into a structure and then put those into the CFQUERY block, but
> I was a little surprised that this happened.  Thanks!
> 
> -Cliff

-- 
Barney Boisvert
[EMAIL PROTECTED]
360.319.6145
http://www.barneyb.com/

Got Gmail? I have 50 invites.
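
The two forms discussed in this thread, side by side, as an added example that is not code from either poster: the interpolated CFQUERY that relies on automatic single-quote escaping, and the CFQUERYPARAM form that binds the value instead. The datasource `surveyDSN`, table `SURVEY_RESPONSE`, column `COMMENT1` and the 4000-character limit are assumed names and values; only `event.getArg("SurveyForm").getComment1()` comes from the thread.

```cfml
<!--- Added example. surveyDSN, SURVEY_RESPONSE, COMMENT1 and maxlength are assumptions. --->

<!--- Before: the method result is spliced into the SQL text. Whether a
      single quote in the comment breaks (or alters) the statement depends
      entirely on CFQUERY's automatic escaping being applied to this
      expression, which the thread reports it was not. --->
<cfquery name="insertCommentInline" datasource="surveyDSN">
    INSERT INTO SURVEY_RESPONSE (COMMENT1)
    VALUES ('#event.getArg("SurveyForm").getComment1()#')
</cfquery>

<!--- After: the value travels as a bind parameter, separate from the SQL
      text, so no quote escaping is involved and a quote in the data
      cannot change the statement. --->
<cfset surveyForm = event.getArg("SurveyForm")>
<cfset comment1 = surveyForm.getComment1()>

<cfquery name="insertCommentBound" datasource="surveyDSN">
    INSERT INTO SURVEY_RESPONSE (COMMENT1)
    VALUES (
        <cfqueryparam value="#comment1#"
                      cfsqltype="cf_sql_varchar"
                      maxlength="4000"
                      null="#NOT len(trim(comment1))#">
    )
</cfquery>
```

With the bound form, `cfsqltype` and `maxlength` also reject values of the wrong type or length before the statement reaches Oracle.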

