I dont think this is a problem, we have used single quotes just now
and it worked okay....
On 9/20/05, Claude Schneegans <[EMAIL PROTECTED]> wrote:
> >><cfquery name="variables.q" datasource="#form.ds#">
> #form.sqlQuery#
> </cfquery>
>
> >>It works beautifully. My problem and question is...
>
> I can see another issu: single quotes.
> If user puts something like "IN ('A','B',...) in his SQL code, single
> quotes will be escaped,
> and the query will fail.
> The problem is finding which part of the statement should have single
> quotes escaped or not.
>
> --
> _______________________________________
> REUSE CODE! Use custom tags;
> See http://www.contentbox.com/claude/customtags/tagstore.cfm
> (Please send any spam to this address: [EMAIL PROTECTED])
> Thanks.
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:218757
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
