[houcfug] Re: CF and escaped quotes

Wed, 05 Dec 2007 12:03:02 -0800 

May be off topic, since I don't know what errors you are getting
But, I've run into cases where quotes, pasted into form from MS Word,
caused errors.  I had to replace the bad quotes with good quotes by
adding this code before I insert.

<cfset BadChars="",",',-,-,">
<cfset GoodChars='",",'',-,-'>
<cfloop from="1" to="#ListLen(form.fieldnames)#" index="h">
<cfloop from="1" to="#ListLen(BadChars)#" index="i">
<cfif evaluate("form."&ListGetAt(form.fieldnames,h)) Contains
ListGetAt(BadChars,i)>
#SetVariable("form."&ListGetAt(form.fieldnames,h),Replace(evaluate("form
."&ListGetAt(form.fieldnames,h)),ListGetAt(BadChars,i),ListGetAt(GoodCha
rs,i),"ALL"))# 
</cfif>
</cfloop>
</cfloop>

 
 

________________________________

From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Zerr, Randell (JSC-IS)[TES]
Sent: Wednesday, December 05, 2007 12:42 PM
To: [email protected]
Subject: [houcfug] CF and escaped quotes



We recently upgraded to CF8 and SQL 2005 and have been getting some odd
errors.  It appears that cfquery is not escaping single quotes in query
params, which is causing errors.  The applications affected are older
apps not written by me that do not use cfqueryparam.  Unless I am wrong,
CF has always escaped single quotes in query params by default.  I
cannot find any information relating to this issue on the web (other
than the random complaint that CF IS escaping single quotes) so I was
wondering if anyone else has experienced the issue.  I could change the
queries to use cfqueryparam, however, several apps and many hundreds of
lines of cfqueries would have to be rewritten and tested.  Is there some
new checkbox in the cf administrator that I am missing?

Here is a sample:

<cfquery name="xx" datasource="xx">
insert in to tablex
(field1,field2)
values
('#form.field1#','#form.field2#')
</cfquery>

Where form.field1 may have a value of "Dell Computer's" 





--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Houston ColdFusion 
Users' Group" discussion list.
To unsubscribe, send email to [EMAIL PROTECTED]
For more options, visit http://groups.google.com/group/houcfug?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to