try reversing the quotes, using double quotes in a query shouldn't actually work anyway.
<cfset sqlString = "select value from table1 where id = '#param1#'" />

On Sat, Jun 25, 2011 at 1:12 PM, Richard White <rich...@j7is.co.uk> wrote:
>
> Hi,
>
> we are having to build a complex query in a string using parameters passed
> through the URL and then run it within a cfquery.
>
> Here is a basic example:
>
> <cfset param1 = url.param1 />
> <cfset sqlString = 'select value from table1 where id = "#param1#"' />
> <cfquery name="myQuery" datasource="myDatasource">
> <cfoutput>#sqlString#</cfoutput>
> </cfquery>
>
> This all works fine until the url.param1 includes a double quote, then of
> course it conflicts with the double quotes it is surrounded in and throws an
> error.
>
> Even if we encode the string then of course mysql won't be able to retrieve
> the correct results
>
> Do you have any suggestions on how to get around this?
>
> thanks

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345663
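
An added example, not part of the original thread: the dynamic query assembled inside cfquery with cfqueryparam, so a quote character in url.param1 is sent to the database as data and can neither break the statement nor change it. table1, value, id and myDatasource come from the post; url.status, url.sort, the status column and the length limit are assumptions for illustration.

```cfml
<!--- Added example, not code from the thread. table1, value, id and
      myDatasource come from the post; url.status, url.sort and the
      status column are hypothetical. --->
<cfparam name="url.param1" default="">
<cfparam name="url.status" default="">
<cfparam name="url.sort"   default="id">

<!--- Identifiers cannot be bound as parameters, so the sort column is
      picked from a fixed list; the URL value only selects an entry. --->
<cfset allowedSort = "id,value">
<cfset sortPos = listFindNoCase(allowedSort, url.sort)>
<cfif sortPos EQ 0>
    <cfset sortPos = 1>
</cfif>
<cfset sortCol = listGetAt(allowedSort, sortPos)>

<cfquery name="myQuery" datasource="myDatasource">
    SELECT value
    FROM table1
    WHERE 1 = 1
    <!--- Optional clauses are added with cfif; every value is bound. --->
    <cfif len(url.param1)>
        <!--- maxlength 64 is an arbitrary example limit --->
        AND id = <cfqueryparam value="#url.param1#"
                               cfsqltype="cf_sql_varchar"
                               maxlength="64">
    </cfif>
    <cfif len(url.status)>
        <!--- list="true" binds each comma-separated item separately --->
        AND status IN (<cfqueryparam value="#url.status#"
                                     cfsqltype="cf_sql_varchar"
                                     list="true">)
    </cfif>
    <!--- sortCol is always one of the literals in allowedSort --->
    ORDER BY #sortCol#
</cfquery>
```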