Seriously, what does it do in Oracle? Will it throw an error? Can you run a
simple test to see what happens?
Steve
-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 24, 2004 10:56 AM
To: CF-Talk
Subject: Re: why are procedures better?
Steve Nelson wrote:
> I don't think it's going to matter, because CF is generating the doubled up
> single quotes that are sent to the db. Here are a few combinations:
>
> http://192.168.0.100/experiments/temp/queries.cfm?user_id=1\'
> getuser (Records=0, Time=0ms)
> SQL =
> select first_name
> from users
> where
> user_id='1\'''
There we have it. For quite a few databases this is an illegal
statement.
Jochem
--
I don't get it
immigrants don't work
and steal our jobs
- Loesje
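
The query from the debug output above, read under two quoting rules, as an added example that is not part of the original thread. `build_query` assumes the doubling is a plain `'` to `''` replacement, and `read_literal` and `check` are hypothetical helpers, not ColdFusion's or any database's own code.

```python
# Added illustration: how one string literal is read under two quoting rules.
# build_query() mimics the quote doubling seen in the debug output (assumed to
# be a plain ' -> '' replacement); it is not ColdFusion's actual code.

class UnterminatedLiteral(ValueError):
    pass

def build_query(user_id):
    doubled = user_id.replace("'", "''")
    return "select first_name from users where user_id='" + doubled + "'"

def read_literal(sql, backslash_escapes):
    """Return (literal value, text left after the closing quote)."""
    i = sql.index("'") + 1               # first character after the opening quote
    out = []
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])       # backslash escapes the next character
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":  # doubled quote = one literal quote
                out.append("'")
                i += 2
            else:
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise UnterminatedLiteral(sql)

def check(user_id, backslash_escapes):
    try:
        value, rest = read_literal(build_query(user_id), backslash_escapes)
    except UnterminatedLiteral:
        return "illegal statement: string never closes"
    if value == user_id and rest == "":
        return "ok"
    return "value or statement changed"

USER_ID = "1\\'"  # the value from the URL in the thread: 1\'

if __name__ == "__main__":
    print(build_query(USER_ID))
    print("quote doubling only:", check(USER_ID, backslash_escapes=False))
    print("backslash escapes  :", check(USER_ID, backslash_escapes=True))
```

Passing the value as a bound parameter keeps it out of the statement text, so the result no longer depends on which quoting rule the database applies.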