[thelist] CF Radio Buttons Tip
Raymond Camden
rcamden at allaire.com
Thu Mar 22 12:47:53 CST 2001
A little warning. As you know, CF will automatically escape single quotes
when passing values via SQL. So, this is safe:
<CFSET X = "Ray's world.">
<CFQUERY ..>
insert ...
values('#X#')
</CFQUERY>
However, if you pass in the value as a structure, Form["somename"], the
single quote will not be escaped. This bit me on the rear a few weeks ago.
Of course, the easy way out is to just set a temp variable. I believe
Form.Foo is safe, but you can only use that format when you know the name of
the form value at runtime.
=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : jedimaster at allaire.com
ICQ UIN : 3679482
"My ally is the Force, and a powerful ally it is." - Yoda
> You may also notice that I am using the alternate form of Structure indexing
> when I call form["name"]. You may find that using this format may simplify
> code. But note, this method of accessing a structure as if it was an array
> was introduced in a newer version of CF (4.5?)
>
> Good luck,
>
> -joshua
>
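
Added example, not part of the original post or the quoted reply: the bracket-notation pattern the post warns about, the temp-variable workaround it suggests, and a bound parameter using the cfqueryparam tag, which the post does not mention. The datasource "demoDSN", table "guestbook", column "message" and variable names are hypothetical.

```cfml
<!--- Constructed example. "demoDSN", "guestbook", "message", fieldName and
      tmpValue are hypothetical names, not taken from the original post. --->
<cfset fieldName = "message">  <!--- form field name held in a variable --->

<!--- Pattern the post warns about: bracket notation inside the SQL text.
      Per the post, a single quote in the value is NOT escaped here, so a
      value such as  Ray's world.  ends the string literal early. --->
<cfquery name="qUnsafe" datasource="demoDSN">
    INSERT INTO guestbook (message)
    VALUES ('#Form[fieldName]#')
</cfquery>

<!--- Workaround from the post: copy the value to a simple temp variable
      first, so the automatic single-quote escaping applies to it. --->
<cfset tmpValue = Form[fieldName]>
<cfquery name="qTemp" datasource="demoDSN">
    INSERT INTO guestbook (message)
    VALUES ('#tmpValue#')
</cfquery>

<!--- Bound parameter: the value is passed to the database driver separately
      from the SQL text, so correct handling no longer depends on which
      notation is used to reference the form field. Note there are no
      surrounding quotes around the cfqueryparam tag. --->
<cfquery name="qBound" datasource="demoDSN">
    INSERT INTO guestbook (message)
    VALUES (
        <cfqueryparam value="#Form[fieldName]#"
                      cfsqltype="CF_SQL_VARCHAR"
                      maxlength="255">
    )
</cfquery>
```

When reviewing existing templates, any `#...[...]#` expression or function call placed directly inside a quoted SQL literal in a cfquery body is worth checking against this pattern.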