Hi, I have the variables set:
<cfif orderID = 5>
<cfset stype = "'ABC124','DEF567'">
<cfelse>
<cfset stype = "'VACD123','KHOL567'">
</cfif>
<cfquery name="qQuery" datasource="#ds#">
select .....
from......
......
where ......
and serie in ('#stype#')
</cfquery>
When I output the query, I get (1) below, which is not right because nothing is returned. When I run the query with the values hard-coded as in (2), I get records. What do I have wrong here? Thanks
1) serie in ('''ABC124'',''DEF567''')
2) serie in ('ABC124','DEF567')
ColdFusion is automatically escaping all single quotes in stype (doubling them) when the variable is interpolated inside cfquery. To prevent it, do this:
and serie in (#preserveSingleQuotes(stype)#)
Note that this is only safe if you are hard-coding the values for stype. If stype ever gets values from the user, then it is more secure to use cfQueryParam.
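Added example, not code from either poster: the same query written with cfQueryParam's list attribute, which is the form to use once stype can come from the request rather than a hard-coded branch. The table name orders and the column list are assumptions (the original post elides them), and the list values no longer carry their own single quotes because each item is bound as a separate parameter.

```cfml
<!--- Hard-coded branch, as in the question. With cfqueryparam the list
      is a plain comma-separated string: no embedded single quotes. --->
<cfif orderID EQ 5>
    <cfset stype = "ABC124,DEF567">
<cfelse>
    <cfset stype = "VACD123,KHOL567">
</cfif>

<!--- If the list came from a user instead, e.g. ?serie=ABC124,DEF567,
      it would be bound the same way and could not alter the SQL.
      The URL parameter name is hypothetical. --->
<cfif structKeyExists(url, "serie") AND len(trim(url.serie))>
    <cfset stype = url.serie>
</cfif>

<!--- "orders" is an assumed table name; the original select/from are elided --->
<cfquery name="qQuery" datasource="#ds#">
    SELECT *
    FROM   orders
    WHERE  serie IN (
        <cfqueryparam value="#stype#"
                      cfsqltype="cf_sql_varchar"
                      list="true">
    )
</cfquery>

<!--- ColdFusion sends: serie IN (?, ?) and binds one value per item,
      so neither quoting nor preserveSingleQuotes() is needed. --->
<cfdump var="#qQuery#">
```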