In the past years, I remember having errors where data contained single
quotes and we weren't expecting them, so I don't think CF handled them
by default.  If you use cfstoredproc and cfprocparam, the procparam tag
MIGHT take care of that, but I would doubt single quotes are handled
with a simple cfquery block.

 

My encounters with the errors led me to always use queryparam starting a
long time ago.  I know that doesn't help you though.

 

Mark Davis
Cricket Communications
Software Engineer III

303-734-7694 (w)

From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Zerr, Randell (JSC-IS)[TES]
Sent: Wednesday, December 05, 2007 11:42 AM
To: [email protected]
Subject: [houcfug] CF and escaped quotes

 

We recently upgraded to CF8 and SQL 2005 and have been getting some odd
errors.  It appears that cfquery is not escaping single quotes in query
params, which is causing errors.  The applications affected are older
apps not written by me that do not use cfqueryparam.  Unless I am wrong,
CF has always escaped single quotes in query params by default.  I
cannot find any information relating to this issue on the web (other
than the random complaint that CF IS escaping single quotes) so I was
wondering if anyone else has experienced the issue.  I could change the
queries to use cfqueryparam, however, several apps and many hundreds of
lines of cfqueries would have to be rewritten and tested.  Is there some
new checkbox in the cf administrator that I am missing?

Here is a sample:

<cfquery name="xx" datasource="xx">
insert into tablex
(field1,field2)
values
('#form.field1#','#form.field2#')
</cfquery>

Where form.field1 may have a value of "Dell Computer's" 
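
The sample insert above rewritten with cfqueryparam, as an added example that is not part of either message. The cf_sql_varchar type and the maxlength of 100 are assumptions about the columns of tablex.

```cfml
<!--- Added example: each form value is bound as a parameter instead of
      being interpolated between quotes, so a value such as
      Dell Computer's reaches the driver as data and needs no escaping.
      cfsqltype and maxlength are assumed; match them to the real columns. --->
<cfquery name="xx" datasource="xx">
    insert into tablex
        (field1, field2)
    values (
        <cfqueryparam value="#form.field1#" cfsqltype="cf_sql_varchar" maxlength="100">,
        <cfqueryparam value="#form.field2#" cfsqltype="cf_sql_varchar" maxlength="100">
    )
</cfquery>
```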



 

