
cfquery not escaping single quotes correctly - Coldfusion Database Access


  1. #1

    cfquery not escaping single quotes correctly

    It seems as if two single quotes together do not get escaped.

    <!---
    This code works in CF5 with the proper Data OK message.
    It does not work on MX7 using an Oracle JDBC or native driver.
    If you look at the debug of the insert statement you will see it
    is not escaped correctly. CF is supposed to escape it automatically.
    --->


    <cfset dsn="testdsn">
    <cfset mydata="'' '"> <!--- if you put a character between the first 2 single
    quotes it will work in MX7 ???? --->

    <cfquery name="selectdata" datasource="#dsn#">
    truncate table temp_table
    </cfquery>

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ('#mydata#')
    </cfquery>

    <cfquery name="selectdata" datasource="#dsn#">
    select testdata
    from temp_table
    </cfquery>

    <cfoutput>
    <cfif selectdata.testdata neq mydata>
    ERROR: DB data #selectdata.testdata# does not match original #mydata#
    <cfelse>
    Data OK.
    </cfif>
    </cfoutput>

    Gregd66 Guest

  2. #2

    Re: cfquery not escaping single quotes correctly

    Originally posted by: Gregd66
    It seems as if two single quotes together do not get escaped.

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ('#mydata#')
    </cfquery>

    Bad programming practice. Use:

    <cfquery name="inserttest" datasource="#dsn#">
    insert into temp_table
    (testdata)
    values
    ( <cfqueryparam cfsqltype="CF_SQL_LONGVARCHAR" value="#mydata#"> )
    </cfquery>

    Good programming practice. Also resolves your quotes issue.

    JR


    jonwrob Guest
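
The round-trip check from the first post, rebuilt as an added example (not code from either poster) in Python against an in-memory SQLite table instead of CFML and Oracle. `lenient_escape` is a hypothetical escaper constructed to reproduce the reported symptom, not ColdFusion's actual logic; the bound insert plays the role of `cfqueryparam`, and the sample values are constructed.

```python
import re
import sqlite3

# Constructed sample values; the first is the string from the original post.
SAMPLES = ["'' '", "O'Brien", "a''b", "plain"]


def lenient_escape(value):
    """Hypothetical escaper (an assumption, NOT ColdFusion's real logic):
    an odd run of quotes gets one more quote, an even run is taken to be
    escaped already and is left alone."""
    def fix(match):
        run = match.group(0)
        return run if len(run) % 2 == 0 else run + "'"
    return re.sub(r"'+", fix, value)


def roundtrip_interpolated(conn, value):
    # Value is spliced into the SQL text, as in '#mydata#' inside cfquery.
    conn.execute("DELETE FROM temp_table")
    conn.execute("INSERT INTO temp_table (testdata) VALUES ('%s')"
                 % lenient_escape(value))
    return conn.execute("SELECT testdata FROM temp_table").fetchone()[0]


def roundtrip_bound(conn, value):
    # Value travels as a bind parameter, the role cfqueryparam plays.
    conn.execute("DELETE FROM temp_table")
    conn.execute("INSERT INTO temp_table (testdata) VALUES (?)", (value,))
    return conn.execute("SELECT testdata FROM temp_table").fetchone()[0]


def run_checks():
    """Return {value: (interpolated_ok, bound_ok)} for every sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE temp_table (testdata TEXT)")
    results = {}
    for value in SAMPLES:
        results[value] = (roundtrip_interpolated(conn, value) == value,
                          roundtrip_bound(conn, value) == value)
    conn.close()
    return results


if __name__ == "__main__":
    for value, (interp_ok, bound_ok) in run_checks().items():
        print(f"{value!r:10} interpolated={'Data OK' if interp_ok else 'ERROR'}"
              f" bound={'Data OK' if bound_ok else 'ERROR'}")
```

With the escaper in the path, a value containing adjacent quotes is stored with one quote missing and no SQL error is raised, so only a read-back comparison like the original poster's catches it; the bound insert never passes through quote handling at all.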
