I have a simple query to a SQL database that returns a record
set. Within the record set is a field that contains HTML and CFML.
When I display the content it reads the CF tags literally. Is there
any way to get the CF tags to be processed when it is returned in
the query output? See example below.
------------------ CODE ON PAGE
<CFQUERY name="getdata" datasource="DSN">
select ID, HTMLFIELD
where ID = '1'
Before I tell you how to do this, keep in mind that It is not
recommended to allow users to execute CFML. They could delete
databases, files, steal info. So if you are going to allow this you
need to REALLY REALLY TRUST your users. It is a risky thing to do.
The way you can execute the code would be to write the code
to a temporary file, and then use CFINCLUDE to include the file.
Then delete the temp file once you are done with it.
But again, make sure you understand the risks before you
I've done a similar feature for a site I wrote that allowed
users to edit pages on the fly, only I pre-selected functions that
could be used and created wrappers for them. Then the users would
insert something like $now()$ in the WYSIWYG. Then when the page
was requested I would pass the data containing HTML and psuedo-CFML
through parse routine which would render the end results in a
I would really recommend this route as you will have much
more controll over the types of scripts that can be run. It is also
easy to make buttons that insert the code for them.