CFQUERY is supposed to replace single quotes with double quotes or that has always been my understanding and definitely how it has worked since CF 4 because have code here dating back to then that relies on this. I can not find a doc reference but this hotfix for CF 6 mentions it:
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19108&sliceId=1 Perhaps something has change in CF8 because I did notice this thread: http://www.adobesystems-macromedia.com/cfusion/webforums/forum/messageview.cfm?forumid=1&catid=6&threadid=1292386&enterthread=y I'd be curious though if something has changed why my test on my CF8 box worked. Forgot to mention earlier that my CF8 box has the first hot fix loaded on it. On Dec 5, 2007 1:36 PM, Mark Davis <[EMAIL PROTECTED]> wrote: > In the past years, I remember having errors where data contained single > quotes and we weren't expecting them, so I don't think CF handled them by > default. If you use cfstoredproc and cfprocparam, the procparam tag MIGHT > take care fo that, but I would doubt single quotes are handled with a simple > cfquery block. > > > > My encounters with the errors led me to always use queryparam starting a > long time ago. I know that doesn't help you though. > > > > Mark Davis > Cricket Communications > Software Engineer III > > 303-734-7694 (w) > > *From:* [email protected] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Zerr, Randell (JSC-IS)[TES] > *Sent:* Wednesday, December 05, 2007 11:42 AM > *To:* [email protected] > *Subject:* [houcfug] CF and escaped quotes > > > > We recently upgraded to CF8 and SQL 2005 and have been getting some odd > errors. It appears that cfquery is not escaping single quotes in query > params, which is causing errors. The applications affected are older apps > not written by me that do not use cfqueryparam. Unless I am wrong, CF has > always escaped single quotes in query params by default. I cannot find any > information relating to this issue on the web (other than the random > complaint that CF IS escaping single quotes) so I was wondering if anyone > else has experienced the issue. I could change the queries to use > cfqueryparam, however, several apps and many hundreds of lines of cfqueries > would have to be rewritten and tested. Is there some new checkbox in the cf > administrator that I am missing? > > Here is a sample: > > <cfquery name="xx" datasource="xx"> > insert in to tablex > (field1,field2) > values > ('#form.field1#','#form.field2#') > </cfquery> > > Where form.field1 may have a value of "Dell Computer's" > > > > > > > -- Aaron Rouse http://www.happyhacker.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
