Not to put too fine a point on it, but if this data is coming directly from an end user, it would probably be in your best interest to add the <cfqueryparam> anyway. It does quite a bit more than just quote escaping. Definitely a best practice recommendation.
--Ben Doom

Rick Sanders wrote:
> Didn't think of that, but it's less code to do a replace than the
> cfqueryparam.
>
>
> Rick Sanders
> Canada: 902-401-7689
> USA: 919-799-9076
> Canada: www.webenergy.ca
> USA: www.webenergyusa.com
>
>
> -----Original Message-----
> From: Dana Kowalski [mailto:[EMAIL PROTECTED]
> Sent: November-01-07 11:42 AM
> To: CF-Talk
> Subject: Re: Replacing Strings
>
> are you using cfqueryparam's on your query? It should escape them on its own
> I would think.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292472
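
The difference discussed in this thread, as an added example that is not part of the original messages: quote replacement next to `<cfqueryparam>` on a value that is not quoted in the SQL at all. The datasource `myDSN`, the table `users`, and the form fields `deptId` and `lastName` are assumptions made for illustration.

```cfml
<!--- Constructed example: datasource, table and form field names are assumptions. --->

<!--- Weak: quote replacement only.
      dept_id is a numeric column, so the value is not wrapped in quotes.
      Doubling single quotes does nothing to restrict what ends up in the
      statement here, because the value is still concatenated into the SQL text. --->
<cfquery name="qWeak" datasource="myDSN">
    SELECT user_id, last_name
    FROM users
    WHERE dept_id = #Replace(form.deptId, "'", "''", "all")#
</cfquery>

<!--- Hardened: every user-supplied value goes through cfqueryparam.
      - The value is sent as a bind parameter, separate from the SQL text.
      - cfsqltype makes ColdFusion validate the type; a non-integer deptId
        raises an error before the statement reaches the database.
      - maxlength rejects over-long strings the same way. --->
<cfquery name="qSafe" datasource="myDSN">
    SELECT user_id, last_name
    FROM users
    WHERE dept_id = <cfqueryparam value="#form.deptId#" cfsqltype="cf_sql_integer">
      AND last_name = <cfqueryparam value="#form.lastName#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="50">
</cfquery>
```

The `maxlength` of 50 is a placeholder; set it to the actual column width.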