Thanks for your feedback. I'm an ASP.NET & XML programmer and new to ColdFusion. I'll definitely look into the cfqueryparam, since it seems to be the best "ColdFusion" way to control user input and not have your queries break down.

Kind regards,

Rick Sanders
Webenergy
Canada: 902-401-7689
USA: 919-799-9076
Canada: www.webenergy.ca
USA: www.webenergyusa.com

-----Original Message-----
From: Ben Doom [mailto:[EMAIL PROTECTED]
Sent: November-01-07 12:10 PM
To: CF-Talk
Subject: Re: Replacing Strings

Not to put too fine a point on it, but if this data is coming directly from an end user, it would probably be in your best interest to add the <cfqueryparam> anyway. It does quite a bit more than just quote escaping. Definitely a best practice recommendation.

--Ben Doom

Rick Sanders wrote:
> Didn't think of that, but it's less code to do a replace than the
> cfqueryparam.
>
> Rick Sanders
> Canada: 902-401-7689
> USA: 919-799-9076
> Canada: www.webenergy.ca
> USA: www.webenergyusa.com
>
> -----Original Message-----
> From: Dana Kowalski [mailto:[EMAIL PROTECTED]
> Sent: November-01-07 11:42 AM
> To: CF-Talk
> Subject: Re: Replacing Strings
>
> are you using cfqueryparam's on your query? It should escape them on its own
> I would think.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:292474
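
The <cfqueryparam> usage recommended in the thread, as an added example that is not code from any of the posters. The datasource, table, column and form field names are hypothetical. It shows what the tag covers beyond quote escaping: each value is sent to the driver as a bound parameter, checked against the declared type and length before the query runs, and a comma-separated list is expanded into separate parameters.

```cfml
<!--- Added example. Assumed (hypothetical) names: datasource "myDSN",
      table "users", columns id / last_name / company_id / status,
      form fields lastName / companyId / statusList. --->
<cfparam name="form.lastName"   default="">
<cfparam name="form.companyId"  default="0">
<cfparam name="form.statusList" default="active,pending">

<cftry>
    <!--- No quotes are written around the parameters: the values never
          become part of the SQL text, so there is nothing to escape.
          maxlength rejects over-long strings, cf_sql_integer rejects
          anything that is not an integer, and list="true" turns the
          comma-separated value into one bound parameter per item. --->
    <cfquery name="qUsers" datasource="myDSN">
        SELECT id, last_name, status
        FROM   users
        WHERE  last_name  = <cfqueryparam value="#form.lastName#"
                                          cfsqltype="cf_sql_varchar"
                                          maxlength="50">
          AND  company_id = <cfqueryparam value="#form.companyId#"
                                          cfsqltype="cf_sql_integer">
          AND  status IN (<cfqueryparam value="#form.statusList#"
                                        cfsqltype="cf_sql_varchar"
                                        list="true">)
    </cfquery>

    <cfcatch type="any">
        <!--- A value that fails the type or length check raises an
              exception before any SQL reaches the database. Log it and
              fall back to an empty result instead of showing the error. --->
        <cflog file="application" type="warning"
               text="Query input rejected: #cfcatch.message#">
        <cfset qUsers = QueryNew("id,last_name,status")>
    </cfcatch>
</cftry>

<cfoutput>#qUsers.recordCount# matching user(s)</cfoutput>
```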