We recently upgraded to CF8 and SQL 2005 and have been getting some odd errors.
It appears that cfquery is not escaping single quotes in query params, which 
is causing errors.  The applications affected are older apps not written by me 
that do not use cfqueryparam.  Unless I am wrong, CF has always escaped single 
quotes in query params by default.  I cannot find any information relating to 
this issue on the web (other than the random complaint that CF IS escaping 
single quotes) so I was wondering if anyone else has experienced the issue.  I 
could change the queries to use cfqueryparam, however, several apps and many 
hundreds of lines of cfqueries would have to be rewritten and tested.  Is there 
some new checkbox in the cf administrator that I am missing?

Here is a sample:

<cfquery name="xx" datasource="xx">
insert into tablex
(field1,field2)
values
('#form.field1#','#form.field2#')
</cfquery>

Where form.field1 may have a value of "Dell Computer's"

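The query from the post rewritten with cfqueryparam, as an added example that is not part of the original message. The datasource, table and column names are the post's placeholders; the maxlength values and the empty-string-to-NULL handling for field2 are assumptions.

```cfml
<!--- Added example, not the poster's code. Column sizes (maxlength) are assumed. --->
<cfparam name="form.field1" default="">
<cfparam name="form.field2" default="">

<!--- Before (from the post): the form values are spliced into the SQL text,
      so a value such as Dell Computer's depends on cfquery escaping the quote.
<cfquery name="xx" datasource="xx">
insert into tablex
(field1,field2)
values
('#form.field1#','#form.field2#')
</cfquery>
--->

<!--- After: each value travels as a bound parameter, separate from the SQL text,
      so an apostrophe in the data cannot terminate the string literal. --->
<cfquery name="xx" datasource="xx">
insert into tablex
(field1,field2)
values
(
  <!--- maxlength makes CF reject over-long input before it reaches the database --->
  <cfqueryparam value="#form.field1#" cfsqltype="cf_sql_varchar" maxlength="100">,
  <!--- null="yes" sends NULL instead of an empty string when field2 is blank --->
  <cfqueryparam value="#form.field2#" cfsqltype="cf_sql_varchar" maxlength="100"
                null="#not len(trim(form.field2))#">
)
</cfquery>
```

With bound parameters the insert no longer depends on how a given ColdFusion version escapes quotes inside cfquery, which is the behaviour the post reports changing after the upgrade.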