Check out the "PreserveSingleQuotes(string_variable)" function. Usage: This function is useful in SQL statements to defer evaluation of a variable reference until runtime. This prevents errors that result from the evaluation of a single-quote or apostrophe data character (for example, "Joe's Diner") as a delimiter.
gary scullin Web Center | St. Luke's Episcopal Health System 832-355-4850 (w) www.stlukestexas.org From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Zerr, Randell (JSC-IS)[TES] Sent: Wednesday, December 05, 2007 12:42 PM To: [email protected] Subject: [houcfug] CF and escaped quotes We recently upgraded to CF8 and SQL 2005 and have been getting some odd errors. It appears that cfquery is not escaping single quotes in query params, which is causing errors. The applications affected are older apps not written by me that do not use cfqueryparam. Unless I am wrong, CF has always escaped single quotes in query params by default. I cannot find any information relating to this issue on the web (other than the random complaint that CF IS escaping single quotes) so I was wondering if anyone else has experienced the issue. I could change the queries to use cfqueryparam, however, several apps and many hundreds of lines of cfqueries would have to be rewritten and tested. Is there some new checkbox in the cf administrator that I am missing? Here is a sample: <cfquery name="xx" datasource="xx"> insert in to tablex (field1,field2) values ('#form.field1#','#form.field2#') </cfquery> Where form.field1 may have a value of "Dell Computer's" +++++CONFIDENTIALITY NOTICE+++++ The information in this e-mail may be confidential and/or privileged. If you are not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and its attachments, if any, or the information contained herein is prohibited. If you have received this e-mail in error, please immediately notify the sender by return e-mail and delete this e-mail from your computer system. Thank you. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
