Hi,

We are having to build a complex query in a string, using parameters passed 
through the URL, and then run it within a cfquery. 

Here is a basic example:

<!--- url.param1 is spliced straight into the SQL text, quotes and all --->
<cfset param1 = url.param1 />
<cfset sqlString = 'select value from table1 where id = "#param1#"' />
<cfquery name="myQuery" datasource="myDatasource">
<cfoutput>#sqlString#</cfoutput>
</cfquery>

This all works fine until url.param1 includes a double quote; then, of 
course, it conflicts with the double quotes it is surrounded by and throws an 
error.

Even if we encode the string, then of course MySQL won't be able to retrieve the 
correct results.

Do you have any suggestions on how to get around this?

Thanks

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345662
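The error the poster describes is the visible edge of a SQL injection: because url.param1 is concatenated into the statement text, a double quote ends the string literal early, and a crafted value can change what the query does rather than just break it. The example below is added here and is not code from the original post; it reuses the datasource, table and column names from the message, and the url.status filter and the ORDER BY whitelist are hypothetical additions to show how a "complex" query can still be assembled safely. It shows the vulnerable form next to the hardened form, which uses cfqueryparam so the value is sent to MySQL as a bound parameter instead of SQL text.

```cfml
<!--- Added example, not part of the original post. Assumes the same
      datasource "myDatasource", table "table1" and column "id" as above;
      url.status and url.sort are hypothetical extra parameters. --->

<!--- Vulnerable form: url.param1 becomes part of the SQL text. A value
      containing a double quote breaks the statement, and a value such as
         x" OR "1"="1
      turns the lookup into a query that returns every row. --->
<cfquery name="unsafeQuery" datasource="myDatasource">
    select value from table1 where id = "#url.param1#"
</cfquery>

<!--- Hardened form: cfqueryparam binds the value, so quotes, semicolons
      and comment markers in url.param1 reach MySQL as plain data and are
      matched literally. No encoding of the value is needed, and no
      <cfoutput> is needed either: cfquery evaluates #...# itself. --->
<cfset sortCol = "id" />
<!--- Identifiers cannot be bound as parameters, so a user-chosen sort
      column must be checked against an allow-list instead. --->
<cfif structKeyExists(url, "sort") and listFindNoCase("id,value", url.sort)>
    <cfset sortCol = url.sort />
</cfif>

<cfquery name="safeQuery" datasource="myDatasource">
    select value
    from table1
    where id = <cfqueryparam value="#url.param1#"
                              cfsqltype="cf_sql_varchar"
                              maxlength="50" />
    <!--- Conditional pieces of a complex query each carry their own
          bound parameter; the SQL text stays fixed. --->
    <cfif structKeyExists(url, "status") and len(url.status)>
        and status = <cfqueryparam value="#url.status#"
                                    cfsqltype="cf_sql_varchar" />
    </cfif>
    order by #sortCol#
</cfquery>
```

If id is a numeric column, use cfsqltype="cf_sql_integer" so a non-numeric value is rejected before the query runs. The same rule applies to any other piece of SQL that cannot be a parameter (table names, column names, ASC/DESC): compare the incoming value to a fixed list and fall back to a default, never splice it in directly.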