Skip to main content
A
Anonymous
September 22, 2010
Answered

cfquery fails with conditional query stored in a variable

  • September 22, 2010
  • 1 reply
  • 1114 views

Following code doesnt work. Can anyone explain why?

<cfset myquery="select * from employee where id = '10'">
<cfquery name="a" datasource="mydsn">
#myquery#
</cfquery>

This topic has been closed for replies.
Correct answer Adam Cameron.

What do you mean by "doesn't work"?  You really ought to read this before posting: http://forums.adobe.com/thread/607238.

Is the ID really a string-oriented column?  I would expect it to be an integer, so it oughtn't have the quotes.

Also, if you are doing what you're doing, if your variable has single quotes in it, you'll need to use preserveSingleQuotes() to stop CF escaping them.

--
Adam

1 reply

A
Adam Cameron.Correct answer
Inspiring
September 22, 2010

What do you mean by "doesn't work"?  You really ought to read this before posting: http://forums.adobe.com/thread/607238.

Is the ID really a string-oriented column?  I would expect it to be an integer, so it oughtn't have the quotes.

Also, if you are doing what you're doing, if your variable has single quotes in it, you'll need to use preserveSingleQuotes() to stop CF escaping them.

--
Adam

A
Anonymous
September 22, 2010

My sincere apologies for not reading that thread before posting because of which my post which seemed fine to me doenst seem the same any longer.

Anyway, yes you are right that the column is a string oriented one because of which I am using single quotes. And you are right again about escaping single quotes which was the real problem. Once I used the function mentioned, it worked prefectly.

Thanks again.

-
-__cfSearching__-
Inspiring
September 22, 2010
Once I used the function mentioned, it worked prefectly.

While PreserveSingleQuotes() is the correct function to use to resolve that error, be sure you understand the security ramifications of using it. ColdFusion automatically escapes single quotes to help combat sql injection.  PreserveSingleQuotes() prevents that from happening.  So if your sql string includes user supplied values, it may be vulnerable to sql injection.

Message was edited by: -==cfSearching==-

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices