Solved

Extra single quote (apostrophe) added around variable in SQL query

Posted on 2006-06-23
1
314 Views
Last Modified: 2013-12-24
I’ve come across something odd that I’d like some help with or at least some explanation of why it happens.  If I run this query, it runs just fine:

<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN ('007','008')
</cfquery>

But if I try to use a variable to store what ID’s I want to search over, like so:
 
<cfset teststring = "'007','008'">
 
<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN (#teststring#)
</cfquery>
 
 
... I get the following SQL error:

   Incorrect syntax near '007'
 
   SELECT ID, name, surname FROM demographics WHERE ID IN (''007'',''008'')

Note that the two ID numbers have double single quotes around them!  Why did that happen?  Can anyone else replicate this issue, or is it something specific to my server?  How does SQL even know that I inserted a variable, since the ColdFusion variable is resolved before the SQL code is executed?  Is this a setting in the SQL Server to prevent code injection?  Thanks!
0
Comment
Question by:tihetal
1 Comment
 
LVL 10

Accepted Solution

by:
rob_lorentz earned 125 total points
Comment Utility
<cfquery name="GetUserInfo" datasource="myDataBase">
    SELECT ID, name, surname
    FROM demographics
    WHERE ID IN (#preservesinglequotes(testString)#)
</cfquery>

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now