Single quotes in an evaluate expression

Question

I need to evaluate a variable which is itself a variable

Then my variable "coment" contains "single quotes",

then this Query bugs, as the single quote is interpreted by SQL as end of value.

<cfquery name="upd_eval" datasource="#stw_article#">
   update mar_evaluation
   set eval_coment='#preservesinglequotes(coment)#'
   where eval_id=#form.mod_eval#
</cfquery>

I tried also this :

<cfset val="form.avis_#form.mod_eval#">
<cfquery name="upd_eval" datasource="#stw_article#">
   update mar_evaluation
   set eval_coment='#evaluate(val)#'
   where eval_id=#form.mod_eval#
</cfquery>

Same the SQL bugs,

so how to pass single quotes in the evaluate variable ?

For the momentI had to replace single quotes by blanc space to avoid he bug.

Thanks fo answers.

Pierre.

-__cfSearching__- · Answer

I need to evaluate a variable which is itself a variable
<cfset val="form.avis_#form.mod_eval#">

No, you do not need evaluate. Simply use associative array notation:

ie ]]>

where eval_id=#form.mod_eval#

Also, always look into cfqueryparam. It should be used on all user supplied values. Especially with databases capable of executing multiple statements.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded