<!--- do the query: whereClause is raw SQL text supplied by the caller, so it is
      emitted unescaped with preserveSingleQuotes() (the original post had the
      typo "preserverSingleQuotes", which would throw an undefined-function error) --->
<cfquery name="qGetAllForumPosts" datasource="#request.dsn#">
    SELECT *
    FROM discussionForum
    <cfif whereClause NEQ "">
        #preserveSingleQuotes(whereClause)#
    </cfif>
    ORDER BY submit_date DESC
</cfquery>


You need to tell ColdFusion to NOT escape single quotes, which is its default 
behavior when parsing a string which contains single quotes inside of a 
<cfquery...></cfquery> block.  The idea being that most people would just be 
passing data in variables, not entire SQL strings.  And if the data contains 
single quotes such as "O'Mally", they need to be escaped.

Be aware that you will now be responsible for escaping your own data such as 
above if your system needs to accept strings that can contain single quotes.

Also be doubly aware that you have removed ColdFusion's natural defense of 
escaping strings, making SQL injection much easier.  Be very sure of any 
unsecured data you receive and parse through your code.





Archive: http://www.houseoffusion.com/groups/SQL/message.cfm/messageid:3058
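The safer alternative to the pattern above, as an added example that is not part of the original post: instead of accepting a ready-made SQL string and switching off ColdFusion's escaping with preserveSingleQuotes(), build each optional filter inside the query and bind its value with <cfqueryparam>. A bound parameter is never spliced into the SQL text, so values like "O'Mally" need no escaping and cannot change the statement's structure. The column names forum_id and author and the url-scope filters are assumptions for illustration; the table name and datasource are the ones from the post.

```cfml
<!--- Added example, not the original poster's code.
      Assumed: discussionForum has integer column forum_id and varchar column
      author, and the page may receive url.forumId / url.author as filters. --->
<cfparam name="url.forumId" default="">
<cfparam name="url.author" default="">

<cfquery name="qGetForumPosts" datasource="#request.dsn#">
    SELECT *
    FROM discussionForum
    WHERE 1 = 1
    <!--- only append a filter when the caller actually supplied one --->
    <cfif isNumeric(url.forumId)>
        AND forum_id = <cfqueryparam value="#url.forumId#"
                                     cfsqltype="cf_sql_integer">
    </cfif>
    <cfif len(trim(url.author))>
        <!--- "O'Mally" arrives intact as a bound value; no escaping and no
              preserveSingleQuotes() are involved --->
        AND author = <cfqueryparam value="#trim(url.author)#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="100">
    </cfif>
    ORDER BY submit_date DESC
</cfquery>
```

With this shape the caller can only choose which filters apply and what values they carry, never the SQL itself, so the single-quote escaping the post describes is no longer something you have to do by hand.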