Solved

Dealing with single quote marks in input boxes

Posted on 2003-11-25
8
1,695 Views
Last Modified: 2013-12-24
How do I deal with single quotes in input boxes?  When the form is submitted, it causes errors in the SQL statement.  What do I need to do to avoid that?
0
Comment
Question by:theamzngq
8 Comments
 
LVL 25

Expert Comment

by:James Rodgers
ID: 9820037
either replace them prior to submission using js, or during the submission process using rereplace

in js

in your form validation

document.form.textbox.value.replace(/\'/g,'"');


or in the coldfusion processing

#rereplace(#form.textbox#,"'","#chr(34)#","all")#

the above will replace single quote with double quote
0
 
LVL 6

Expert Comment

by:PE_CF_DEV
ID: 9820137
ColdFusion normally does this for you unless you are using a function already..so if you have

insert stuff
('#coldfusionfunction(form.textbox)#',...)

 it won't make it SQL safe you can do something like Jester suggested, I would recomend doing
#rereplace(#form.textbox#,"'","''","all")# (2 single quotes that escaped the ' in SQL like ## output # in coldfusion), or you can do this:
<cfset variablename=coldfusionfunctions(form.textbox)>
insert stuff
('#variablename#',...)

0
 
LVL 10

Accepted Solution

by:
Mause earned 125 total points
ID: 9820609
You can use #preservesinglequotes(yourvar)# to escape a single quote mark

But I think its better to use
<cfqueryPARAM value = "#yourvar#"  CFSQLType = "CF_SQL_CHAR">
for escaping your single quote mark and other trobleshooting characters

for more information see:
http://livedocs.macromedia.com/coldfusion/6.1/htmldocs/tags-b20.htm

hope this helps
Mause
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 2

Author Comment

by:theamzngq
ID: 9820925
wow, thanks.  Some of the tags/functions you all have mentioned are unfamiliar to me: rereplace, coldfusionfunction, preservesinglequotes

What are your (all) opinions about the answers that the others have given?  I've read several articles that stress the use of CFQUERYPARAM, would that be the best approach since it seems to be the 'proper' way of coding INSERTs?  Will that tag escape other special characters in addition to the single quote?
0
 
LVL 2

Author Comment

by:theamzngq
ID: 9820931
One more thing, do double quotes cause problems in some situations?  What if my SQL statements use double quotes instead of single quotes around CHAR data?
0
 
LVL 6

Expert Comment

by:PE_CF_DEV
ID: 9820939
preservesinglequotes(yourvar) will not work...it is used to KEEP the single quotes and to keep Coldfusion from doubling up the quotes...
Like if you have a string state_list : 'OH','FL','TX'

If you do
where state IN (#state_list#)

Coldfusion will try to make it :
where state in (''OH'',''FL'',''TX'')
 
You use preservesinglequotes()
where state IN (#preservesinglequotes(state_list)#)

ColdFusion does not try to double up the ' which will allow it to be
where state in ('OH','FL','TX')
Like it should be.
0
 
LVL 6

Expert Comment

by:PE_CF_DEV
ID: 9820946
coldfusionfunction is not a function it was just my way of saying any function you use. Sorry for the confusion :)
0
 
LVL 2

Author Comment

by:theamzngq
ID: 9821564
It looks like using CFQUERYPARAM did the trick, as well as take care of ANY special characters I entered.  Thanks for the input everyone!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
connection string question 2 69
Internal DNS Zone Issue 13 74
Unsearchable in Google,Yahoo and Bing. 6 61
whm high memory usage in processes 7 89
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question