[thelist] CF Radio Buttons Tip

Raymond Camden rcamden at allaire.com
Thu Mar 22 12:47:53 CST 2001


A little warning. As you know, CF will automatically escape single quotes
when passing values via SQL. So, this is safe:

<CFSET X = "Ray's world.">

<CFQUERY ..>
	insert ...
	values('#X#')
</CFQUERY>

However, if you pass in the value as a structure, Form["somename"], the
single quote will not be escaped. This bit me on the rear a few weeks ago.
Of course, the easy way out is to just set a temp variable. I believe
Form.Foo is safe, but you can only use that format when you know the name of
the form value at runtime.

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email   : jedimaster at allaire.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> You may also notice that I am using the alternate form of Structure indexing
> when I call form["name"].  You may find that using this format may simplify
> code.  But note, this method of accessing a structure as if it was an array
> was introduced in a newer version of CF (4.5?)
>
> Good luck,
>
> -joshua
>
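
The three forms discussed in the message above, as an added example that is not part of the original post: the bracket-notation interpolation the post warns about, the temp-variable workaround it suggests, and a bound parameter via cfqueryparam, which removes the dependence on automatic quote escaping. The datasource demo_dsn, table notes, column body and form field comment are assumed names.

```cfml
<!--- Added example. demo_dsn, notes, body and the "comment" field are assumed names. --->
<cfparam name="Form.comment" default="Ray's world.">
<cfset fieldName = "comment">

<!--- 1. Bracket notation placed directly in the SQL text. This is the form the
      post reports as NOT escaped: the quote in "Ray's" ends the string literal
      early, so the statement fails (or is rewritten by the submitted value). --->
<cftry>
    <cfquery name="insUnsafe" datasource="demo_dsn">
        INSERT INTO notes (body)
        VALUES ('#Form[fieldName]#')
    </cfquery>
    <cfcatch type="Database">
        <cfoutput>Form 1 failed: #HTMLEditFormat(cfcatch.message)#<br></cfoutput>
    </cfcatch>
</cftry>

<!--- 2. Workaround from the post: copy the value into a simple variable first,
      so the automatic single-quote escaping applies when it is interpolated. --->
<cfset tmpBody = Form[fieldName]>
<cfquery name="insTemp" datasource="demo_dsn">
    INSERT INTO notes (body)
    VALUES ('#tmpBody#')
</cfquery>

<!--- 3. Bound parameter: the value is sent to the driver separately from the
      SQL text, so it does not matter how the variable was referenced. --->
<cfquery name="insBound" datasource="demo_dsn">
    INSERT INTO notes (body)
    VALUES (
        <cfqueryparam value="#Form[fieldName]#"
                      cfsqltype="CF_SQL_VARCHAR"
                      maxlength="255">
    )
</cfquery>
```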




