I'll wager somebody's description includes a comma.
I'll reinforce: use cfqueryparam
Are any of your columns numeric? I would think that CatID, UserID, and Price
should be numeric columns, but your query treats them as strings. My guess
would be that a price is getting submitted with non-numeric data. (dollar
sign, commas, letters?)
The line number in the error detail may not
*always* validate on the server.
if you want to run some stuff on the client, that's fine... but
especially if you're talking about data... don't let the integrity of
your data rest on something you can't control (client side
validation).
easy enough to remove those non-numeric characters via cf
Your query says that NONE of your data types are numeric. Is that true?
Ps... Every time you take data directly from forms and pass it to your
database without cleaning it... god kills a kitten. Please save the kittens
and use cfqueryparam.
..:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
VALUES ('#Trim(FORM.CatID)#',
'#Trim(SESSION.Auth.UserID)#',
First you open yourself up to SQL injection attack unless you use
cfqueryparam on all variables.
single quotes around CatID, UserID, and Price.
I'm using JS validation
You need to do server side validation before you think