Single quotes in an evaluate expression

Report · Oct 19, 2009

I need to evaluate a variable which is itself a variable

Then my variable "coment" contains "single quotes",

then this Query bugs, as the single quote is interpreted by SQL as end of value.

<cfquery name="upd_eval" datasource="#stw_article#">
   update mar_evaluation
   set eval_coment='#preservesinglequotes(coment)#'
   where eval_id=#form.mod_eval#
</cfquery>

I tried also this :

<cfset val="form.avis_#form.mod_eval#">
<cfquery name="upd_eval" datasource="#stw_article#">
   update mar_evaluation
   set eval_coment='#evaluate(val)#'
   where eval_id=#form.mod_eval#
</cfquery>

Same the SQL bugs,

so how to pass single quotes in the evaluate variable ?

For the momentI had to replace single quotes by blanc space to avoid he bug.

Thanks fo answers.

Pierre.

Report · Oct 19, 2009

I need to evaluate a variable which is itself a variable
<cfset val="form.avis_#form.mod_eval#">

No, you do not need evaluate. Simply use associative array notation:

where eval_id=#form.mod_eval#

Also, always look into cfqueryparam. It should be used on all user supplied values. Especially with databases capable of executing multiple statements.

Report · Oct 19, 2009

Good answer, but the syntax for the example is incorrect. You want something like,

form["constant_part" & variable_part]

Report · Oct 19, 2009

Ugh. Is there some special trick to posting code, when replying via email? Apparently the forum removed my code sample:

Report · Oct 19, 2009

Trick Number 1 - Don't reply by email. If you provide the correct answer by email, nobody else will know and someone else might duplicate your effort.

Trick Number 2 - avoid all the bells and whistles on this site. Just use the textarea.

Report · Oct 19, 2009

Don't reply by email. If you provide the correct answer by email, nobody else will know and someone else might duplicate your effort.

I am not sure what you mean. If you are subscribed to receive forum notifications, you can reply via email and the responses are automatically posted to the forum. Though I agree some of the extra style features seem rather "hit or miss".

Report · Oct 19, 2009

Those of us who don't subscibe access the forum with a web browser and don't have a reply via email option available. Therefore we have to make our own mistakes in order to be embarrassed. However, if we are quick, we can edit our replies before anyone else sees them.

Report · Oct 19, 2009

Dan Bracuk wrote:
However, if we are quick, we can edit our replies before anyone else sees them.

If others are subscribed, and many people are, it is already too late. As soon as you reply (either through email or the web forums), chances are someone has already seen the original version.

Though I still do not see how that is related to your earlier comment

If you provide the correct answer by email, nobody else will know and someone else might duplicate your effort

Replying to the forums via email is no problem. But apparently the forum software has issues there, as well as with the rich text editor in the web interface.

Adobe Community

Single quotes in an evaluate expression