Possible Duplicate:
Coldfusion adding extra quotes when constructing database queries in strings
All,
I am trying to use a getter to reference a bean during an insert. CF is not escaping the single quote properly in the value in ‘form.title’ and therefore I am receiving a malformed sql error.
Any ideas?
Here’s the code.
<cfscript>
form.title = "page's are awesome";
page = new model.page.page(argumentCollection = form);
</cfscript>
<cfquery name="test" datasource="ksurvey">
insert into page(title)
values('#page.getTitle()#')
</cfquery>
If you’re going to do it that way, you need preserveSingleQuotes()
INSERT INTO page( title )VALUES ( '#preserveSingleQuotes( page.getTitle() )#' )
Of course, insert the standard caveat about how you should be using cfqueryparam to avoid SQL injection attacks.
INSERT INTO page( title )VALUES ( <cfqueryparam value="#page.getTitle()#" cfsqltype="cf_sql_varchar" /> )
For reference:
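The parameterized approach from the answer, written entirely in script to match the asker's cfscript setup, as an added example (not the asker's or the answerer's code); it assumes queryExecute() (CF11+/Lucee), the asker's model.page.page bean exposing getTitle(), and the ksurvey datasource from the question.

```cfml
<cfscript>
// Constructed input containing a single quote, as in the question.
form.title = "page's are awesome";
page = new model.page.page(argumentCollection = form);

// Parameterized insert: the value is bound by the driver, so the apostrophe
// is sent as data and never parsed as SQL. No preserveSingleQuotes() or
// manual doubling of quotes is needed, and injected text cannot alter the query.
queryExecute(
    "INSERT INTO page (title) VALUES (:title)",
    { title = { value = page.getTitle(), cfsqltype = "cf_sql_varchar", maxlength = 255 } },
    { datasource = "ksurvey" }
);

// Round-trip check: the stored title must still contain its single quote.
// The same parameter binding protects the SELECT as well.
check = queryExecute(
    "SELECT title FROM page WHERE title = :title",
    { title = { value = page.getTitle(), cfsqltype = "cf_sql_varchar" } },
    { datasource = "ksurvey" }
);
writeOutput(check.recordCount == 1 ? "stored intact" : "mismatch");
</cfscript>
```

maxlength caps what the database receives, which is an extra guard against oversized input on a varchar column.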