This is probably a beginner's question, so apologies if it is a bit basic. It could also be a MySQL fix rather than ColdFusion!
I have a textarea field on a web form using the popular text editor ckeditor.
The form is posted to a ColdFusion page and the data is added to a MySQL database.
This works fine until someone adds a " in their text input. This being the escape character, an error is generated!
i.e.:
<cfquery name="insert" datasource="text_test">
insert into TEXT (TEXT1, TEXT2) values ("#Form.text1#", "#Form.text2#");
</cfquery>
Any theories on how I can get round this would be gratefully appreciated.
Many thanks,
Paul.
Hi all,
I think that I may have cracked it!
As soon as I started checking on the security side of things and parameterised the variables, it worked. I've left the thread up so that it may be of use to anyone else with the same issue.
e.g.
<cfqueryparam value="#form.description#" cfsqltype="cf_sql_longtext">
Paul
You beat me to the punch. cfqueryparam is your friend. Always use it.
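The fix discussed in this thread, applied to the insert from the first post, as an added example that is not part of any poster's message. The table, column and datasource names are the ones from the first post; the choice of cf_sql_longvarchar (the documented cfqueryparam type for long text) and the cfparam defaults are assumptions of this example.

```cfml
<!--- Added example, not code from the thread. --->

<!--- Assumption: treat a missing form field as an empty string so the
      query does not fail on an undefined variable. --->
<cfparam name="form.text1" default="">
<cfparam name="form.text2" default="">

<!---
    Why only " broke the original query: ColdFusion escapes single quotes in
    variables used inside cfquery, but not double quotes, and MySQL (without
    ANSI_QUOTES) accepts "..." as a string literal. A " typed into the editor
    therefore closed the literal early and the rest of the text was parsed
    as SQL.

    With cfqueryparam the statement is sent with placeholders and each value
    is bound separately, so the text is never parsed as SQL whatever
    characters it contains. No quotes go around the cfqueryparam tags.
--->
<cfquery name="insert" datasource="text_test">
    INSERT INTO TEXT (TEXT1, TEXT2)
    VALUES (
        <cfqueryparam value="#form.text1#" cfsqltype="cf_sql_longvarchar">,
        <cfqueryparam value="#form.text2#" cfsqltype="cf_sql_longvarchar">
    )
</cfquery>
```

Binding the values protects the insert only; CKEditor content is HTML, so it still needs sanitising or encoding when it is read back and rendered in a page.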