I dont think this is a problem, we have used single quotes just now and it worked okay....
On 9/20/05, Claude Schneegans <[EMAIL PROTECTED]> wrote: > >><cfquery name="variables.q" datasource="#form.ds#"> > #form.sqlQuery# > </cfquery> > > >>It works beautifully. My problem and question is... > > I can see another issu: single quotes. > If user puts something like "IN ('A','B',...) in his SQL code, single > quotes will be escaped, > and the query will fail. > The problem is finding which part of the statement should have single > quotes escaped or not. > > -- > _______________________________________ > REUSE CODE! Use custom tags; > See http://www.contentbox.com/claude/customtags/tagstore.cfm > (Please send any spam to this address: [EMAIL PROTECTED]) > Thanks. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218757 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54