Two options I can think of:

1) PreserveSingleQuotes() function
2) CFQUERYPARAM

I highly recommend option #2.

where 
( title like <cfqueryparam value="%Cancer%" cfsqltype="CF_SQL_VARCHAR">) 
or (duration_start >= <cfqueryparam value="1/13/2002" cfsqltype="CF_SQL_DATE">) 
or (amount_requested > <cfqueryparam value="5000" cfsqltype="CF_SQL_NUMERIC">) 

Of course, this depends on the database you're using, because some of them don't 
support parameters.
--------------------------------
Scott Brady
http://www.scottbrady.net/
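
Option #2 applied to a search form, as an added example that is not part of the original post: each criterion is validated and then bound with CFQUERYPARAM, so the submitted text reaches the database as a parameter value and never as SQL text. The datasource "grantsDSN", the table "grants" and the form fields form.keyword, form.startDate and form.minAmount are hypothetical names chosen for illustration; the column names come from the post.

```cfml
<!--- Added example. Hypothetical names: datasource "grantsDSN", table "grants",
      form fields form.keyword, form.startDate, form.minAmount. --->
<cfparam name="form.keyword"   default="">
<cfparam name="form.startDate" default="">
<cfparam name="form.minAmount" default="">

<!--- Validate first so a malformed value is rejected here,
      not surfaced as a driver or binding error. --->
<cfset hasKeyword = len(trim(form.keyword)) GT 0>
<cfset hasStart   = isDate(form.startDate)>
<cfset hasAmount  = isNumeric(form.minAmount)>

<!--- For contrast, option 1 builds the clause as a string and emits it with
      PreserveSingleQuotes(), which switches off the quote escaping CFQUERY
      normally applies to variables. Any quote in form.keyword then becomes
      part of the SQL statement itself:

        <cfset whereClause = "title like '%#form.keyword#%'">
        ... WHERE #PreserveSingleQuotes(whereClause)#
--->

<!--- Option 2: every user-supplied value is a bound parameter. --->
<cfquery name="qGrants" datasource="grantsDSN">
    SELECT title, duration_start, amount_requested
    FROM   grants
    WHERE  1 = 0  <!--- neutral seed so each OR branch can be optional --->
    <cfif hasKeyword>
        OR title LIKE <cfqueryparam value="%#trim(form.keyword)#%"
                                    cfsqltype="CF_SQL_VARCHAR">
    </cfif>
    <cfif hasStart>
        OR duration_start >= <cfqueryparam value="#parseDateTime(form.startDate)#"
                                           cfsqltype="CF_SQL_DATE">
    </cfif>
    <cfif hasAmount>
        OR amount_requested > <cfqueryparam value="#form.minAmount#"
                                            cfsqltype="CF_SQL_NUMERIC">
    </cfif>
</cfquery>

<cfoutput>#qGrants.recordCount# matching record(s)</cfoutput>
```

With no criteria supplied the query returns no rows, because the WHERE clause is seeded with 1 = 0 and the criteria are joined with OR as in the post.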

 
             