single quotes that are sent to the db. Here are a few combinations:

http://192.168.0.100/experiments/temp/queries.cfm?user_id=1\'
getuser (Records=0, Time=0ms)
SQL =
select first_name
from users
where user_id='1\'''

http://192.168.0.100/experiments/temp/queries.cfm?user_id=\'1\'
getuser (Records=0, Time=0ms)
SQL =
select first_name
from users
where user_id='\''1\'''

http://192.168.0.100/experiments/temp/queries.cfm?user_id=1'
getuser (Records=0, Time=0ms)
SQL =
select first_name
from users
where user_id='1'''

http://192.168.0.100/experiments/temp/queries.cfm?user_id=1''
getuser (Records=0, Time=0ms)
SQL =
select first_name
from users
where user_id='1'''''

http://192.168.0.100/experiments/temp/queries.cfm?user_id='1
getuser (Records=0, Time=0ms)
SQL =
select first_name
from users
where user_id='''1'
-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 24, 2004 10:10 AM
To: CF-Talk
Subject: Re: why are procedures better?
Steve Nelson wrote:
> http://192.168.0.100/experiments/temp/queries.cfm?user_id=\'1\'
Why are you using a backslash - single quote combination twice?
It won't work that way and I only had one.
Please try exactly the following link against a database that
supports C-style escaping:
http://192.168.0.100/experiments/temp/queries.cfm?user_id=1\'
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
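Added example, not code from the thread or from queries.cfm: a small Python model of the disagreement above. It reproduces ColdFusion's automatic doubling of single quotes inside a cfquery and then lexes the resulting WHERE clause two ways, once treating only '' as an escaped quote and once also honouring C-style backslash escapes, which is MySQL's default. The five user_id values and the statement text are taken from the debug output in the post; the tokenizer, the `1\' OR 1=1 -- ` payload and the sqlite3-backed parameterized lookup are assumptions added here for illustration.

```python
"""Model of ColdFusion's single-quote doubling vs. C-style backslash escapes.

Added example for the CF-Talk exchange above; not code from queries.cfm.
The query text and the five user_id values come from the debug output in
the post.  The tokenizer, the "1\\' OR 1=1 -- " payload and the sqlite3
lookup are assumptions used here for illustration only.
"""
import sqlite3

# The five values tried in the post, in the order they appear.
THREAD_INPUTS = ["1\\'", "\\'1\\'", "1'", "1''", "'1"]


def cf_double_quotes(value: str) -> str:
    """cfquery's default treatment of #var#: every ' becomes ''.
    Backslashes are passed through untouched; that is the whole problem."""
    return value.replace("'", "''")


def build_query(user_id: str) -> str:
    """The dynamic statement queries.cfm sends, as reconstructed from the
    SQL = lines in the debug output."""
    return "select first_name from users where user_id='%s'" % cf_double_quotes(user_id)


def split_literal(sql: str, c_style: bool):
    """Lex the string literal that opens at the first quote in `sql`.

    Returns (literal_contents, trailing_sql).  '' is an escaped quote in every
    dialect; with c_style=True a backslash also escapes the next character,
    which is MySQL's default (sql_mode without NO_BACKSLASH_ESCAPES).
    Raises ValueError when the literal never closes; a real server reports
    that as a syntax error.
    """
    i = sql.index("'") + 1
    out = []
    while i < len(sql):
        ch = sql[i]
        if c_style and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])          # \x -> x, including \' -> '
            i += 2
        elif ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")             # '' -> '
                i += 2
            else:
                return "".join(out), sql[i + 1:]   # closing quote
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal in: %s" % sql)


def classify(user_id: str, c_style: bool) -> str:
    """How the server reads the WHERE clause built from `user_id`:
      'literal'  the whole value stayed inside the quotes (no rows match)
      'error'    unterminated literal, the statement is rejected
      'escaped'  the literal closed early and input text is now parsed as SQL
    """
    try:
        _, trailing = split_literal(build_query(user_id), c_style)
    except ValueError:
        return "error"
    return "literal" if trailing.strip() == "" else "escaped"


def summarize(inputs=THREAD_INPUTS):
    """Map each input to (reading with '' only, reading with C-style escapes)."""
    return {v: (classify(v, c_style=False), classify(v, c_style=True)) for v in inputs}


def lookup_parameterized(user_id: str):
    """The alternative to splicing input into the statement: bind it as a
    parameter (cfqueryparam in ColdFusion; a ? placeholder here).
    Uses an in-memory sqlite3 table with constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table users (user_id text, first_name text)")
    con.executemany("insert into users values (?, ?)", [("1", "alice"), ("2", "bob")])
    rows = con.execute("select first_name from users where user_id=?", (user_id,)).fetchall()
    con.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    for value, (ansi, c_style) in summarize().items():
        print("%-10r  ''-only: %-8s  C-style: %s" % (value, ansi, c_style))
    payload = "1\\' OR 1=1 -- "
    print(repr(payload), "C-style:", classify(payload, c_style=True))
    print("bound lookup with that payload:", lookup_parameterized(payload))
```

Under the ''-only reading every one of the five values stays inside the literal, which matches the Records=0 lines above. Under the C-style reading `1\'` leaves the literal unterminated (the server rejects the statement), `\'1\'` closes it early, and a value such as `1\' OR 1=1 -- ` turns the rest of the input into SQL. Binding the value instead of splicing it in avoids depending on either escaping rule.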

