cfquery not escaping single quotes correctly


  1. #1

    cfquery not escaping single quotes correctly

    It seems as if two single quotes together do not get escaped.

    <!---
    This code works in CF5 with the proper Data OK message.
    It does not work on MX7 using an oracle jdbc or native driver.
    If you look at the debug of the insert statement you will see it
    is not escaped correctly. CF is supposed to escape it automatically.
    --->


    <cfset dsn="testdsn">
    <cfset mydata="'' '"> <!--- if you put a character between the first 2 single
    quotes it will work in MX7 ???? --->

    <cfquery name="selectdata" datasource="#dsn#">
    truncate table temp_table
    </cfquery>

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ('#mydata#')
    </cfquery>

    <cfquery name="selectdata" datasource="#dsn#">
    select testdata
    from temp_table
    </cfquery>

    <cfoutput>
    <cfif selectdata.testdata neq mydata>
    ERROR: DB data #selectdata.testdata# does not match original #mydata#
    <cfelse>
    Data OK.
    </cfif>
    </cfoutput>

    Gregd66 Guest

  3. #2

    Re: cfquery not escaping single quotes correctly

    Originally posted by: Gregd66
    It seems as if two single quotes together do not get escaped.

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ('#mydata#')
    </cfquery>

    Bad programming practice. Use:

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ( <cfqueryparam cfsqltype="CF_SQL_LONGVARCHAR" value="#mydata#"> )
    </cfquery>

    Good programming practice. Also resolves your quotes issue.

    JR


    jonwrob Guest
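
A round-trip check built on the reply above, as an added example that is not part of the original thread: it binds each value with cfqueryparam so no quote escaping is involved, then compares what the database returns byte for byte. It assumes the thread's datasource `testdsn` and table `temp_table`; the sample values other than the thread's `'' '` are constructed.

```cfml
<!--- Added example: round-trip test for quote-heavy values using bind parameters.
      Assumes the thread's datasource (testdsn) and table (temp_table.testdata). --->
<cfset dsn = "testdsn">
<cfset q = Chr(39)> <!--- a single quote, built with Chr() to keep the source readable --->

<!--- Constructed sample values; the first is the failing string from the thread --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, q & q & " " & q)>      <!--- '' ' --->
<cfset ArrayAppend(samples, q)>                     <!--- a lone quote --->
<cfset ArrayAppend(samples, q & q)>                 <!--- two adjacent quotes --->
<cfset ArrayAppend(samples, "O" & q & "Brien")>     <!--- quote inside a word --->
<cfset ArrayAppend(samples, "it" & q & "s" & q & q)> <!--- quotes at the end --->

<cfset failures = 0>
<cfloop index="i" from="1" to="#ArrayLen(samples)#">
    <!--- Start each round from an empty table so the select returns one row --->
    <cfquery name="cleartable" datasource="#dsn#">
    truncate table temp_table
    </cfquery>

    <!--- The value travels as a bound parameter, never as part of the SQL text,
          so the driver has nothing to escape --->
    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ( <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#samples[i]#"> )
    </cfquery>

    <cfquery name="selectdata" datasource="#dsn#">
    select testdata
    from temp_table
    </cfquery>

    <!--- Compare() is an exact, case-sensitive comparison; 0 means identical --->
    <cfif Compare(selectdata.testdata, samples[i]) neq 0>
        <cfset failures = failures + 1>
        <cfoutput>ERROR: value #i# came back as [#HTMLEditFormat(selectdata.testdata)#],
        expected [#HTMLEditFormat(samples[i])#]<br></cfoutput>
    </cfif>
</cfloop>

<cfoutput>#ArrayLen(samples)# values tested, #failures# mismatches.</cfoutput>
```

Because the values are bound rather than interpolated, the same pattern keeps user-supplied strings out of the SQL text, which is why it is the standard defence against SQL injection as well as the fix for quoting problems.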
