I have the following dynamically created SQL statement:
update [tblemployees] set [FirstName]='John', [LastName]='O'neil' where employeeID = 1
I've found that it will only work if I use PreserveSingleQuotes in the following code:
<cfquery>
#PreserveSingleQuotes(str)#
</cfquery>
The problem is that it blows up when I have a user-entered single quote such as in the O'neil last name.
Does anyone have a solution for this?
Hi,
Use cfqueryparam.
Refer to http://livedocs.adobe.com/coldfusion/6.1/htmldocs/tags-b20.htm
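The cfqueryparam suggestion above applied to a dynamically built UPDATE, as an added example that is not part of the original thread: column names are emitted only from a fixed allowlist and every value is bound, so the apostrophe in O'neil reaches the database as data. The datasource name `myDSN`, the `newValues` struct and the varchar column types are assumptions.

```cfml
<!--- Constructed sample input: values as a user might submit them --->
<cfset newValues = StructNew()>
<cfset newValues["FirstName"] = "John">
<cfset newValues["LastName"] = "O'neil">
<cfset employeeID = 1>

<!--- Column names cannot be bound as parameters, so only names from this
      fixed allowlist are ever written into the SQL text --->
<cfset allowedColumns = "FirstName,LastName">
<cfset columnsToSet = ArrayNew(1)>
<cfloop list="#allowedColumns#" index="col">
    <cfif StructKeyExists(newValues, col)>
        <cfset ArrayAppend(columnsToSet, col)>
    </cfif>
</cfloop>

<!--- Run the update only if at least one allowed column was supplied --->
<cfif ArrayLen(columnsToSet) GT 0>
    <!--- "myDSN" is a hypothetical datasource name --->
    <cfquery name="updateEmployee" datasource="myDSN">
        UPDATE [tblemployees]
        SET
        <cfloop from="1" to="#ArrayLen(columnsToSet)#" index="i">
            <cfif i GT 1>,</cfif>
            [#columnsToSet[i]#] =
                <cfqueryparam value="#newValues[columnsToSet[i]]#"
                              cfsqltype="cf_sql_varchar">
        </cfloop>
        WHERE employeeID =
            <cfqueryparam value="#employeeID#" cfsqltype="cf_sql_integer">
    </cfquery>
</cfif>
```

Because no user-supplied string is concatenated into the statement, PreserveSingleQuotes is not needed here.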
Attempting to use cfqueryparam with dynamically created SQL variables can result in excessive complication. Another approach is to use the replace function on all your user-provided text values and double up all your single quotes.