Double Apostrophe in SQL?

Report · Mar 28, 2017

I have a form fields that allows admins to update the headers & Footers of their site and for the most part it works awesome.

Where is falls apart is anytime there is a double apostrophe with no space.

Here is the stock Tag Manager:

new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],

j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=

})(window,document,'script','dataLayer','GTM-WN42FJV');</script>

On this line:

j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=

Google has:

+l:'';j.async

The 2 apostrophes, when saved in SQL come back as 1 - somewhere in the SQL process one of them is being stripped?

This only happens when there are 2 apostrophes in a row with nothing between them.

How do I fix this?

Report · Mar 28, 2017

I would need to see the query tag/call that you are making. I'm guessing you're doing something like:

update [sometable]

set [somecolumn] = '#form.value#'

where [someothercolumn] = 123

</cfquery>

If this is the case, changing you query to something like the following should do the trick:

update [sometable]

set [somecolumn] = <cfqueryparam value='#form.value#' cfsqltype='CF_SQL_VARCHAR' />

where [someothercolumn] = <cfqueryparam value='123' cfsqltype='CF_SQL_INTEGER' />

</cfquery>

Report · Mar 28, 2017

That's because SQL uses the apostrophe to delimit string values.

WHERE uname = 'john'

If an apostrophe needs to be part of the value of the string, then it needs to be escaped.

WHERE businessname = 'Jack''s Pizza'

CF will, I believe, automatically escape the apostrophe before it gets to the database.

HTH,

^_^

Report · Mar 30, 2017

Perfect!

Adobe Community