[EMAIL PROTECTED] wrote:
> 
> Basically what's happening is that someone enters an apostrophe (aka single
> quote) into the form field and ColdFusion is not automatically escaping it.
> 
> For example... O'Neil for a last name produces an error because the single
> quote causes the SQL UPDATE statement to end prematurely.
> 
> Obviously I can fix this quickly by simply doing a Replace() function and
> replacing every single quote with two single quotes but what I want to know
> is WHAT IS CAUSING THIS PROBLEM in the first place.
> 
> Apparently the code itself has not changed (but that's no guarantee since
> it's not my code).  Does anyone out there know of a server setting, or
> anything else that causes the above behavior?

Not using cfqueryparam in all cases is known to cause this :-)

Jochem
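
The fix named in the reply, as an added example that is not part of the original thread: the UPDATE written with cfqueryparam, so the last name travels as a bind parameter instead of statement text. The datasource, table, column and form field names are hypothetical, and the default form values are constructed sample input.

```cfm
<!--- Added example; myDsn, users, last_name, user_id and the form fields are hypothetical. --->
<cfparam name="form.userId"   default="42">
<cfparam name="form.lastName" default="O'Neil"> <!--- constructed sample input --->

<!--- Reject an id that is not a whole number before touching the database. --->
<cfif NOT IsNumeric(form.userId) OR form.userId NEQ Int(form.userId)>
    <cfthrow type="InvalidInput" message="userId must be an integer">
</cfif>

<!---
  If the raw value ends up inside the statement text, the database receives
      UPDATE users SET last_name = 'O'Neil' WHERE user_id = 42
  and the string literal closes right after the O, which is the error described.
  With cfqueryparam the statement text holds only placeholders. Each value is sent
  separately as a typed bind parameter, so the apostrophe is plain data and no
  Replace() of single quotes is needed.
--->
<cfquery name="updateName" datasource="myDsn">
    UPDATE users
    SET    last_name = <cfqueryparam value="#Trim(form.lastName)#"
                                     cfsqltype="cf_sql_varchar"
                                     maxlength="50">
    WHERE  user_id   = <cfqueryparam value="#form.userId#"
                                     cfsqltype="cf_sql_integer">
</cfquery>

<!--- Read the row back to confirm the apostrophe was stored unchanged. --->
<cfquery name="checkName" datasource="myDsn">
    SELECT last_name
    FROM   users
    WHERE  user_id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput>Stored last name: #HTMLEditFormat(checkName.last_name)#</cfoutput>
```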
