Solved

Extra single quote (apostrophe) added around variable in SQL query

Posted on 2006-06-23
1
317 Views
Last Modified: 2013-12-24
I’ve come across something odd that I’d like some help with or at least some explanation of why it happens.  If I run this query, it runs just fine:

<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN ('007','008')
</cfquery>

But if I try to use a variable to store what ID’s I want to search over, like so:
 
<cfset teststring = "'007','008'">
 
<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN (#teststring#)
</cfquery>
 
 
... I get the following SQL error:

   Incorrect syntax near '007'
 
   SELECT ID, name, surname FROM demographics WHERE ID IN (''007'',''008'')

Note that the two ID numbers have double single quotes around them!  Why did that happen?  Can anyone else replicate this issue, or is it something specific to my server?  How does SQL even know that I inserted a variable, since the ColdFusion variable is resolved before the SQL code is executed?  Is this a setting in the SQL Server to prevent code injection?  Thanks!
0
Comment
Question by:tihetal
1 Comment
 
LVL 10

Accepted Solution

by:
rob_lorentz earned 125 total points
ID: 16970281
<cfquery name="GetUserInfo" datasource="myDataBase">
    SELECT ID, name, surname
    FROM demographics
    WHERE ID IN (#preservesinglequotes(testString)#)
</cfquery>

0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redirect website ! 4 54
Webserver access problem 5 74
ip / url redirect 13 72
In IIS redirect browser clients that do not support TLS 1.2 to another site 3 106
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question