I dont know if this has anything to do with my problem or not, but I thought I should add this:
When a user is filling out the form that has the textarea, they put whatever text they want into the textarea field.
Then, they click on a 'Continue' button and the system shows them a preview of what they are about to have inserted
into the database.
Within the code on this preview page is a hidden field, which holds the contents of their textarea data so it can be
passed on through the process once the user verifies the preview.
This is done using this: input type="hidden" name="text" value="<cfoutput>#text#</cfoutput>"
Like I said, I don't know if that has anything to do with this problem, but thought it might be good to mention it
Turns out that the hidden text field that was being used to store the text input data during the preview process was the issue.
As soon as I yanked the preview out of the process, everything worked just fine.
So, in order to get around this problem I guess I'm going to have to work on preserving/escaping the doublequotes at that point, and not either 'just before' or 'during' the actual input query.
Seems like all it takes for me to fix something myself is to finally ask for help hehe..
I believe that you just answered your question with the additional information you posted. The first of the double quotes that the user is typing into the textrea is becomming the terminating double quote on the value= part of the hidden form field. The rest of the user input, including the second double quote, is just "hanging" there in the middle of the input tag.
Try this: wrap URLencodedformat() the string in the value= part of the hiddle field's input tag, and then decode it on the next page before you put it into the SQL statement.