Copy link to clipboard
Copied
Hi Team ,
I am trying to insert 6 records dynamically from form to db( oracle 11g) at the end of business process workflow. my form is getting stalled if user enters special character in the fields. I have seen in one of the forum if we use "cfqueryparam " tag to automatically escape all the special characters . But i didn't get how to use this tag.
I am using Execute SQL Statement activity in the subprocess and i have written a simple query as shown below.
INSERT IN TO TABLENAME VALUES ("/process_data/@field1","/process_data/@field2","/process_data/@field3","/process_data/@field4","/process_data/@field5","/process_data/@field6") ;
Please let me know how i can use the tag to escape all special characters .
Thanks in Advance,
Bharathi.
Copy link to clipboard
Copied
How are you "using Execute SQL Statement"? In a <cfquery> tag, a <cfstoredproc> tag, or in script via query.cfc or queryExecute() or such?
-Carl V.
Copy link to clipboard
Copied
Did you atttempt something like this:
INSERT INTO TABLENAME VALUES (<cfqueryparam cfsqltype="cf_sql_varchar" value="value1">, <cfqueryparam cfsqltype="cf_sql_varchar" value="value2">, etc.)