But note that using the render() function with untrusted data opens you up
to CFML injection attacks so you'll need to sanitize for those.
Josh
-Original Message-
From: David Carter [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 4:34 PM
To: CF-Talk
Subject: Re: cfquery - single
#preserveSingleQuotes(sql_statement)#
On 8/7/06, David Carter [EMAIL PROTECTED] wrote:
Hello all,
I am having a strange problem with a cfquery through SQL Server where I am
building the SQL statement dynamically from form input. I wonder if anyone
here has encountered and over come a
#PreserveSingleQuotes(sql_stmt)#
On 8/7/06, David Carter [EMAIL PROTECTED] wrote:
Hello all,
I am having a strange problem with a cfquery through SQL Server where I am
building the SQL statement dynamically from form input. I wonder if anyone
here has encountered and over come a similar
That's by design. ColdFusion is escaping your single quotes.
You need to either wrap your string in the PreserveSingleQuotes()
function or, better, use cfqueryparam
-Original Message-
From: David Carter
Sent: Monday, August 07, 2006 3:14 PM
To: CF-Talk
Subject: cfquery - single quotes
Thanks all, PreserveSingleQuotes() solved the problem.
That's by design. ColdFusion is escaping your single quotes.
You need to either wrap your string in the PreserveSingleQuotes()
function or, better, use cfqueryparam
~|
5 matches
Mail list logo