cfqueryparam is 42
Jan. 11th, 2011 08:50 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
janewilliams20The answer to all questions, that is.
I've just been trying to use CF to set up some SQL to put a URL into a table. The URL was straight out of a stored value, not from the user, so no danger of injection:
update mytable
set mycol = "#myurl#"
right?
Wrong. All the "\" characters in the URL get interpreted as escape characters.
Yes, you can mess around replacing \ by \\, or you can do this:
set mycol= <cfqueryparam cfsqltype="cf_sql_varchar" value="#myurl#">,
And it automagically sorts it for you.
If I hadn't been so fuzzy-headed last night, I'd have spotted that in moments. I hate being ill!
I've just been trying to use CF to set up some SQL to put a URL into a table. The URL was straight out of a stored value, not from the user, so no danger of injection:
update mytable
set mycol = "#myurl#"
right?
Wrong. All the "\" characters in the URL get interpreted as escape characters.
Yes, you can mess around replacing \ by \\, or you can do this:
set mycol= <cfqueryparam cfsqltype="cf_sql_varchar" value="#myurl#">,
And it automagically sorts it for you.
If I hadn't been so fuzzy-headed last night, I'd have spotted that in moments. I hate being ill!