cf with mysql, escaping chars

Ask a Question related to Coldfusion Database Access, Design and Development.

  1. tlyost #1

    Default cf with mysql, escaping chars

    Hi all,
    I am converting a rather larger parsing program from php to coldfusion. So
    far so good, until I found where it inserts data into the database, the php
    code calls mysqli_real_escape_string on the data first. Research reveals that
    this php function "escapes" NUL, \n, \r, \, ', and ". Further reading
    suggests that mysql requires these chars to be escaped.

    Anyone know of an easy way to accomplish this in cf ?

    tlyost Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Escaping characters in MySQL
      CFMX works fine with MySQL database 99% of the time. However, when a field in a query includes an apostrophe, CF is escaping it in the Windows SQL...
    2. receiving ??? chars instead of "special" chars
      Hello i have a strange problem i made a online catalogue and must submit orders to a remote server I need to connect to a remote webservice on ...
    3. Escaping <> chars in XML Attributes
      I need to know if anyone out there knows of a utility that will allow me to enter/edit/save an xml doc so that it visually displays on the screen...
    4. Forms and escaping
      Hi all I'm hoping this is a dumb question that someone can easily answer me, I'm not entirely sure you even need php to solve it, but still:...
    5. Escaping in VBScript
      I am having a problem calling Stored Procedures: .... dim MyValue, MyOtherValue MyValue = "Bobby's value" MyOtherValue = Bobby's other value"...
  2. cf_menace #2

    Default Re: cf with mysql, escaping chars

    You'll probably want to use <cfqueryparam> on all your SQL statements in order
    to properly handle datatypes and to keep your queries safe from SQL Injections.
    The tag also handles escaping characters when needed.

    Check
    [url]http://livedocs.macromedia.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/[/url]
    wwhelp.htm?context=ColdFusion_Documentation&file=0 0000317.htm for more info.



    INSERT INTO someTable
    (
    someColumn
    )
    VALUES
    (
    <cfqueryparam value="#someVariable#" cfsqltype="CF_SQL_VARCHAR"
    maxlength="255" />
    )

    cf_menace Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139