> won't execute SQL, but only evaluate it as a string input. So if you're > expecting numbers, then validate, using isNumeric() or CFQueryParam.
Or if you know a value must be numeric, wrap a val() around it. That will knock any text strings down to 0 and prevent an SQL error from being thrown, as well as allow your app to handle the empty record set just as if any other invalid numeric value had been tossed at it. -Justin Scott, Lead Developer Sceiron Internet Services, Inc. http://www.sceiron.com ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists