No escape character with direct method call in cfquery


  1. #1

    No escape character with direct method call in cfquery

    Hello,

    I found the following behavior when I tried to use a method call directly in a
    <cfquery>.
    In this case single quote characters will not be escaped.

    Is it a bug or a feature?

    Example:

    #variables.login_name# => O'Hara

    Problems (no escape of ' ) with:
    (SQL Syntax error or access violation: You have an error in your SQL syntax
    near ....)

    <cfquery datasource="test" name="ins">
    INSERT INTO at02_admin
    ( login_name )
    VALUES
    ( '#StringReturn.teststring(variables.login_name)#' )
    </cfquery>


    O.K with
    <cfquery datasource="test" name="ins">
    INSERT INTO at02_admin
    ( login_name )
    VALUES
    ( '#variables.login_name#' )
    </cfquery>

    The component is defined (for testing only) like
    <cfcomponent displayname="StringReturn">
    <cffunction name="teststring">
    <cfargument name="sString" type="string" required="true" >
    <cfset var sTest = ARGUMENTS.sString />
    <cfreturn sTest >
    </cffunction>
    </cfcomponent>

    Please let me know if someone is having similar problems.

    Thanks.

    Bernhard

    Lion_b1 Guest

  3. #2

    Re: No escape character with direct method call in cfquery

    Have you tried using the PreserveSingleQuotes() function in your Insert statement?
    eastinq Guest

  4. #3

    Re: No escape character with direct method call in cfquery

    Have you tried using CFQUERYPARAM for your insert value?

    Phil
    paross1 Guest
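
The CFQUERYPARAM suggestion from reply #3, applied to the query from post #1, as an added example that is not part of the original thread. With a bind parameter the value is sent to the database separately from the SQL text, so the single quote in O'Hara no longer depends on ColdFusion's automatic escaping. The `createObject` call, the `cf_sql_varchar` type and the `maxlength` of 50 are assumptions about the component location and the column definition.

```cfml
<!--- Added example, not code from the thread. --->
<!--- Assumption: StringReturn.cfc (the test component from post #1) is on the component path. --->
<cfset StringReturn = createObject("component", "StringReturn")>
<cfset variables.login_name = "O'Hara">

<!--- The method result is bound as a parameter instead of being
      interpolated between quotes in the SQL text. --->
<cfquery datasource="test" name="ins">
INSERT INTO at02_admin
( login_name )
VALUES
( <cfqueryparam value="#StringReturn.teststring(variables.login_name)#"
                cfsqltype="cf_sql_varchar"
                maxlength="50"> )
</cfquery>
<!--- Assumption: login_name is a VARCHAR column; maxlength="50" is a constructed value. --->

<!--- Read the row back with the same binding to confirm the value,
      including its single quote, was stored unchanged. --->
<cfquery datasource="test" name="chk">
SELECT login_name
FROM at02_admin
WHERE login_name = <cfqueryparam value="#variables.login_name#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
</cfquery>

<cfoutput>#chk.recordCount# row(s) found</cfoutput>
```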
