Hi All,

Perhaps someone out there has a quick answer to my problem:

A piece of code (not mine) that was working perfectly fine a few days ago is
no longer working properly.  I have been able to determine that the problem
is caused when someone attempts to UPDATE a record in the database (I have
not tested with inserts).

Basically what's happening is that someone enters an apostrophe (aka single
quote) into the form field and ColdFusion is not automatically escaping it.

For example... O'Neil for a last name produces an error because the single
quote causes the SQL UPDATE statement to end prematurely.

Obviously I can fix this quickly by simply doing a Replace() function and
replacing every single quote with two single quotes but what I want to know
is WHAT IS CAUSING THIS PROBLEM in the first place.

Apparently the code itself has not changed (but that's no guarantee since
it's not my code).  Does anyone out there know of a server setting, or
anything else that causes the above behavior?

-Novak
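
The failure described in the post, reproduced as an added example (not code from the original message). Python's built-in sqlite3 stands in for the ColdFusion page and its database, and the members table and all function names are constructed for illustration. It shows the concatenated UPDATE breaking on O'Neil, the quote-doubling workaround, and a bound parameter, which is what cfqueryparam provides inside cfquery.

```python
import sqlite3


def make_db():
    # Constructed sample table; the post does not show the real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, last_name TEXT)")
    db.execute("INSERT INTO members (id, last_name) VALUES (1, 'Smith')")
    return db


def last_name(db):
    return db.execute("SELECT last_name FROM members WHERE id = 1").fetchone()[0]


def update_concatenated(db, name):
    # The failing pattern: the form value is pasted into the SQL text as-is,
    # so an apostrophe closes the string literal early.
    sql = "UPDATE members SET last_name = '" + name + "' WHERE id = 1"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def update_doubled(db, name):
    # The Replace() workaround from the post: every ' becomes ''.
    escaped = name.replace("'", "''")
    db.execute("UPDATE members SET last_name = '" + escaped + "' WHERE id = 1")
    return "ok"


def update_bound(db, name):
    # Bound parameter: the value is sent separately from the SQL text,
    # so no escaping setting or string function is involved at all.
    db.execute("UPDATE members SET last_name = ? WHERE id = 1", (name,))
    return "ok"


if __name__ == "__main__":
    db = make_db()
    print(update_concatenated(db, "O'Neil"), "->", last_name(db))
    print(update_doubled(db, "O'Neil"), "->", last_name(db))
    print(update_bound(db, "D'Arcy"), "->", last_name(db))
```

The bound form is the only one of the three whose behavior does not depend on how, or whether, the value was escaped before it reached the query.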
