September 12, 2018
Question

list


Hi, I have the variables set:

<cfif orderID eq 5>

      <cfset stype = "'ABC124','DEF567'">

<cfelse>

<cfset stype = "'VACD123','KHOL567'">

</cfif>

<cfquery name="qQuery" datasource="#ds#">

select .....

from......

......

where ......

and serie in ('#stype#')

</cfquery>

When I output the query, I got (1) below, which is not right because nothing is returned. When I run the query and hard-code it like (2), I get records. What did I have wrong here? Thanks

1) serie in ('''ABC124'',''DEF567''')

2) serie in ('ABC124','DEF567')


1 reply

EddieLotter
September 20, 2018

ColdFusion is automatically converting all single quotes in stype to double quotes. To prevent it, do this:

and serie in (#preserveSingleQuotes(stype)#)

Note that this is only safe if you are hard-coding values for stype. If stype ever gets values from the user then it is more secure to use cfQueryParam.
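The cfQueryParam alternative mentioned in the reply, as an added example that is not part of the original thread. The table name `series_table`, the selected columns and the `form.series` field are hypothetical (the original query elides them); `ds`, `orderID`, `stype` and `serie` are taken from the question.

```cfml
<!--- Added example. series_table, serie_id and form.series are hypothetical names. --->

<!--- Store the values as a plain comma-delimited list with no embedded quotes.
      cfqueryparam with list="true" binds each item as its own parameter. --->
<cfif orderID eq 5>
    <cfset stype = "ABC124,DEF567">
<cfelse>
    <cfset stype = "VACD123,KHOL567">
</cfif>

<cfquery name="qQuery" datasource="#ds#">
    select serie_id, serie
    from series_table
    where serie in (
        <cfqueryparam value="#stype#" cfsqltype="cf_sql_varchar" list="true">
    )
</cfquery>

<!--- Same pattern when the list comes from the user (assumed form field).
      Each element is sent as a bound value, so quote characters inside it
      are compared as data and never become part of the SQL text. --->
<cfparam name="form.series" default="">
<cfset userList = trim(form.series)>

<!--- Guard against an empty list so the IN clause always has at least one bound value. --->
<cfif listLen(userList) gt 0>
    <cfquery name="qUserQuery" datasource="#ds#">
        select serie_id, serie
        from series_table
        where serie in (
            <cfqueryparam value="#userList#" cfsqltype="cf_sql_varchar"
                          list="true" separator=",">
        )
    </cfquery>
</cfif>
```

With this form neither the surrounding quotes in `('#stype#')` nor `preserveSingleQuotes()` is needed, because the values never pass through ColdFusion's string interpolation into the SQL text.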