I have a page for users to search what is in the database.
There are a half dozen different things they can search on.
Title/Author/Genre/Etc
My action page pulls all the chosen criteria together and sends it to a stored
procedure.
It is not working when a user types in a ' into a title.
I've added the PreserveSingleQuotes to the title piece:
<CFSET TitleSearch="Where (Title Like
'#PreserveSingleQuotes(Attributes.Title)#%'">
I added it to the code that pulls all the criteria together:
<CFSET SearchThis="#PreserveSingleQuotes(Title)# #Genre# #Grade# #Voice#
#Type#)">
And lastly I added it to the stored procedure. However, the ' still whacks it
all out.
<CFPROCPARAM TYPE="IN" CFSQLTYPE="CF_SQL_VARCHAR" VALUE="#SearchThis#"
DBVARNAME="@SearchThis">
Any ideas?
Thanks,
J
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:193058
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
