[thelist] ColdFusion/SQL - treat as Number

Joshua OIson joshua at alphashop.net
Tue May 8 21:00:23 CDT 2001


Jon,

Cold Fusion automatically escapes variables within cfquery. For example,
the following is remarkably error-proof for almost any normal value of
form.name:

<cfquery>
UPDATE mytable
SET name = '#form.name#'
WHERE id=1
</cfquery>

and form.name = "John's House"

so, you don't need to worry about that.  Rumor has it, though, that if you
access variables through the structure, a la form['name'] or form["name"],
the quotes will not be escaped, so I reckon that may be what's happening.  If
you are inserting a literal into the db, then you could do a replace, like
Seth said.

Either way, you'll probably want to check the string for characters outside
of the database's character set--usually characters between ASCII values
128-255--before you do the insert or update anyways.

-joshua

----- Original Message -----
From: "jon steele" <jjsteele22 at yahoo.com>
Subject: [thelist] ColdFusion/SQL - treat as Number


> Hi,
>
> I need an equivalent to the php stripslashes and addslashes for
> ColdFusion. I am using ColdFusion and Access and if a field has a "'"
> (apostrophe) in it, CF throws an error on the SQL.
>
> For example:
>
> INSERT INTO table_name (field,field1,field2) VALUES (1,'Jon','Don't
> Know');
>
> I tried replacing the outer quotes with double quotes, but it still
> gave an error. Is there another way around this?
>
> If you need me to explain a little more, please ask.
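
An added example, not part of the original thread: the INSERT from the question with every value bound through cfqueryparam, so an apostrophe in the data is passed as a parameter and never parsed as SQL, whichever way the form variable is referenced. The datasource name `mydsn`, the form field names and the 50-character limit are assumptions.

```cfml
<!--- Added example. Assumed names: datasource "mydsn", form fields
      form.field1 / form.field2; table and columns are from the question. --->
<cfparam name="form.field1" default="Jon">
<cfparam name="form.field2" default="Don't Know">

<!--- Reject empty or over-long input before it reaches the database. --->
<cfif Len(Trim(form.field2)) EQ 0 OR Len(form.field2) GT 50>
    <cfabort showerror="field2 must be 1-50 characters">
</cfif>

<cfquery name="addRow" datasource="mydsn">
    INSERT INTO table_name (field, field1, field2)
    VALUES (
        <!--- Each value is sent as a bound parameter with a declared type. --->
        <cfqueryparam value="1" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#form.field1#" cfsqltype="cf_sql_varchar" maxlength="50">,
        <!--- Struct notation is used here on purpose: binding does not depend
              on cfquery's automatic quote escaping. --->
        <cfqueryparam value="#form['field2']#" cfsqltype="cf_sql_varchar" maxlength="50">
    )
</cfquery>
```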





