Dina Hess wrote: >>But not when using cfqueryparam. Using cfqueryparam is meant to call the >>functionality of the database driver to do the escaping. Any escaping done >>by CF >>before that will only result in doubling the quotes twice, and therefore >>CF >>should do no escaping whatsoever of any value passed through cfqueryparam. > > > Yes, I do remember seeing your previous comments about using CFQUERYPARAM to > preserve single quotes...but I could never get that to test out. Do you have > a resource to share?
<cfset value = "String"> <cfquery ..> INSERT INTO table (field) VALUES (<cfqueryparam cfsqltype="cf_sql_varchar" value="#value#">> </cfquery> Make the value anything you want, quotes, backslashes etc., it will work. > Maybe this is just another Access anomaly... No, it is a CF MX anomaly. > <cfset variables.showLabel = "abc's"> > <cfquery datasource="test"> > UPDATE foo > SET showLabel = <cfqueryparam cfsqltype="cf_sql_varchar" > value="#trim(PreserveSingleQuotes(showLabel))#" /> > where foo_id = 1 > </cfquery> > > ...foo is now abc's in the database, which is what we want. > > But when I change the CFQUERYPARAM tag to <cfqueryparam > cfsqltype="cf_sql_varchar" value="#trim(HTMLEditFormat(showLabel))#" /> > > ...foo becomes abc''s in the database And that is the bug. > If I change the CFQUERYPARAM tag again to <cfqueryparam > cfsqltype="cf_sql_varchar" value="#trim(showLabel)#" /> > foo is still abc''s And if you leave the trim() out it will be abc's again. trim() should not influence the number of quotes, only the numer of spaces at the beginning and end of the string. For a peak at the java behind the scenes, take a look at http://spike.oli.tudelft.nl/jochemd/index.cfm?PageID=23 Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4