A) Always use <cfqueryparam/>. (Note the period.)
B) When in doubt, use <cfqueryparam/> anyways. (Note the period.)
C) While preserveSingleQuotes() can be a useful tool at times, I would have a very difficult time thinking of a time where I would use it.
D) Always use <cfqueryparam/>. (Note again, the period.)
E) You cannot use <cfqueryparam/> in the midst of a <cfset />.
F) Always use <cfqueryparam/>. (Once again, a period.)

    <cfquery>
        INSERT INTO personalevent (
            eventid,
            userid,
            username,
            eventdate
        ) VALUES (
            <cfqueryparam value="#FORM.eventidentity#" cfsqltype="CF_SQL_INTEGER">,
            <cfqueryparam value="#FORM.whois#" cfsqltype="CF_SQL_INTEGER">,
            <cfqueryparam value="#FORM.juser#" cfsqltype="CF_SQL_VARCHAR">,
            <cfqueryparam value="#FORM.eventdate#" cfsqltype="CF_SQL_DATE">
        );
    </cfquery>

G) In case you missed it, ****ALWAYS**** use <cfqueryparam/>. PERIOD. :-)

HTH

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324030
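
An added example, not part of the original post: point E is the usual reason SQL ends up assembled in a <cfset /> string and passed through preserveSingleQuotes(). Putting the conditional logic inside <cfquery> instead keeps every value bound. The datasource variable APPLICATION.dsn, the query name qEvents and the form field FORM.eventids are assumptions for illustration; the table and the other columns follow the post.

```cfml
<!--- Added example. APPLICATION.dsn, qEvents and FORM.eventids are assumed names. --->
<cfparam name="FORM.whois" default="">
<cfparam name="FORM.eventdate" default="">
<cfparam name="FORM.eventids" default="">

<!---
    Optional filters are decided with <cfif> inside the query body, so the
    SQL text only ever contains fixed fragments and bind markers. No user
    value is concatenated, and preserveSingleQuotes() is never needed.
--->
<cfquery name="qEvents" datasource="#APPLICATION.dsn#">
    SELECT eventid, userid, username, eventdate
    FROM personalevent
    WHERE 1 = 1
    <cfif isValid("integer", FORM.whois)>
        AND userid = <cfqueryparam value="#FORM.whois#" cfsqltype="CF_SQL_INTEGER">
    </cfif>
    <cfif isDate(FORM.eventdate)>
        AND eventdate = <cfqueryparam value="#FORM.eventdate#" cfsqltype="CF_SQL_DATE">
    </cfif>
    <cfif len(trim(FORM.eventids))>
        <!--- list="true" binds each comma-separated item as its own parameter;
              a non-integer item raises an error instead of reaching the database --->
        AND eventid IN (
            <cfqueryparam value="#FORM.eventids#" cfsqltype="CF_SQL_INTEGER" list="true">
        )
    </cfif>
    ORDER BY eventdate
</cfquery>
```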