Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 331
  • Last Modified:

Extra single quote (apostrophe) added around variable in SQL query

I’ve come across something odd that I’d like some help with or at least some explanation of why it happens.  If I run this query, it runs just fine:

<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN ('007','008')
</cfquery>

But if I try to use a variable to store what ID’s I want to search over, like so:
 
<cfset teststring = "'007','008'">
 
<cfquery name="GetUserInfo" datasource="myDataBase">
SELECT ID, name, surname
FROM demographics
WHERE ID IN (#teststring#)
</cfquery>
 
 
... I get the following SQL error:

   Incorrect syntax near '007'
 
   SELECT ID, name, surname FROM demographics WHERE ID IN (''007'',''008'')

Note that the two ID numbers have double single quotes around them!  Why did that happen?  Can anyone else replicate this issue, or is it something specific to my server?  How does SQL even know that I inserted a variable, since the ColdFusion variable is resolved before the SQL code is executed?  Is this a setting in the SQL Server to prevent code injection?  Thanks!
0
tihetal
Asked:
tihetal
1 Solution
 
rob_lorentzCommented:
<cfquery name="GetUserInfo" datasource="myDataBase">
    SELECT ID, name, surname
    FROM demographics
    WHERE ID IN (#preservesinglequotes(testString)#)
</cfquery>

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now