> Just put it between double quotes. Most datatypes use
> double quotes anyhow..
> so it would be
> last_name="O'Brien" and you should be okay.
>
> Let me know if I'm retarded or not.. I probably am :-)

This actually breaks CFQuery - especially if you use the SQL parameter of
the tag.

BTW, I've checked through my generic SQL code for this (I tend to put
anything I'm gonna use more than once into a CF_ tag);

You should use Replace(myValue,"'","''","all") before you put it anywhere
near the SQL - but this may be easier to do in the SQL, so instead of:
<cfset myNewValue="name='#myValue#'">
<cfquery name="findName" datasource="myDSN">
        select *
        from myTable
        where #myNewValue#
</cfquery>

You could use:
<cfquery name="findName" datasource="myDSN">
        select *
        from myTable
        where name='#Replace(myValue,"'","''","all")#'
</cfquery>

Or, if you REALLY need it to be dynamic for the where (you will if your
search form has several entries):

<cfset myNewValue="name='#Replace(myValue,"'","''","all")#'">
<cfquery name="findName" datasource="myDSN">
        select *
        from myTable
        where #PreserveSingleQuotes(myNewValue)#
</cfquery>

HTH

Philip Arnold
ASP Multimedia Limited
T: +44 (0)20 8680 1133

"Websites for the real world"

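An alternative to doubling the quotes by hand, shown as an added example that is not part of the original message: bind each search value with cfqueryparam, so a name like O'Brien travels as data and needs neither Replace() nor PreserveSingleQuotes(). The datasource, table and name column are taken from the message; the form field names, the city column and the length limits are assumptions.

```cfml
<!--- Added example, not code from the original message. --->
<!--- Assumed: a search form posting form.lastName and form.city; --->
<!--- myTable has varchar columns "name" and "city" (city is hypothetical). --->

<!--- Constructed sample input so the page also runs without a form post --->
<cfparam name="form.lastName" default="O'Brien">
<cfparam name="form.city" default="">

<cfset searchName = trim(form.lastName)>
<cfset searchCity = trim(form.city)>

<cfquery name="findName" datasource="myDSN">
    select *
    from myTable
    where 1 = 1
    <!--- The WHERE clause stays dynamic: each filter is added only when --->
    <!--- the matching form field was filled in. --->
    <cfif len(searchName)>
        <!--- The value is sent to the driver as a bound parameter, so the --->
        <!--- apostrophe never becomes part of the SQL text. --->
        and name = <cfqueryparam value="#searchName#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
    </cfif>
    <cfif len(searchCity)>
        and city = <cfqueryparam value="#searchCity#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
    </cfif>
</cfquery>

<cfoutput>#findName.recordCount# row(s) matched</cfoutput>
```

With maxlength set, a value longer than the limit raises an error before the query is sent, which also gives you a cheap input-length check per field.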