My hazy memory tells me, if you use any functions on a variable in a cfquery, it does not escape that string. Trim, iif, listGetAt. etc.
For this reason, I manipulate all the variables before I try to use them in a cfquery. Jerry On 6/2/06, Jim McAtee <[EMAIL PROTECTED]> wrote: > I'm working in CF5. I thought single quotes within strings were always > escaped in a cfquery. I have a query using an IIf() in the value and this > doesn't appear to be the case. Does this have something to do with how > I'm doing the evaluation of the second argument in the IIf() below? > > In this simplification of the query the single quote within the first > string is escaped, but the second one is not, causing an error. > > form.name = "John O'Mara" > authresponse.http_response = "1|1|1|John O'Mara|approved" > > <cfquery datasource="#dsn#"> > INSERT INTO cctransactions ( > name, > response > ) > VALUES ( > '#form.name#', > '#IIf(StructKeyExists(authresponse, "http_response"), > "authresponse.http_response", > DE(""))#' > ) > </cfquery> > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:242163 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54