
I have a field (WASIS below) where I need to accept anything the user types: special characters, single quotes, double quotes, slashes, etc. In order to allow it, I am doing as follows:

```
INSERT INTO CP_WASIS(IDWASIS, IDCP, IDDeveloper, WASdef)
VALUES (
    #wasisid#
    , #id#
    , #developer#
    , '#replace(replace(replace(Wasdef, "”","""","all"),"“","""","all")," – "," - ","all")#'
 )
```

It allows the variable to have single and double quotes, but does not allow it to have slashes. I need the slashes to be accepted too.

How should I write this code to work as I need?

Leigh
Marcela Rocha
  • Please research before posting. The tag cfqueryparam should show up in Google searches for this type of issue often. – Chris Tierney Mar 27 '14 at 19:26
  • You should be using `cfqueryparam`. Not only will it handle quoting issues without the need for a bunch of replace statements, it will protect your database from SQL injection. – Leigh Mar 27 '14 at 19:26
  • I'm sorry Chris Tierney, but try to search in Google for: coldfusion mysql slashes singlequotes doublequotes – Marcela Rocha Mar 27 '14 at 20:03
  • ...or any combination of the keywords above, yes, nothing useful comes, the only way to find cfqueryparam was if I already knew this function. Anyway, thanks for your help, it was very useful, I classified your answer as correct and fine. – Marcela Rocha Mar 27 '14 at 20:04

1 Answer

`<cfqueryparam>` will solve this for you.

Chris Tierney
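
The `cfqueryparam` approach from the answer and comments, applied to the question's INSERT, as an added example that is not part of the original posts. The datasource name `myDsn`, the integer type of the three ID columns, the text type of `WASdef` and all sample values are assumptions.

```cfml
<!--- Added example, not the asker's or answerer's code. --->
<!--- Constructed sample values; the real ones come from the application. --->
<cfset wasisid   = 1001>
<cfset id        = 42>
<cfset developer = 7>
<!--- Constructed input with a single quote, double quotes, back and forward slashes.
      Inside a CFML string literal, "" is one double quote; backslashes are literal. --->
<cfset Wasdef = "O'Brien wrote ""C:\temp\new"" and a/b">

<!--- Each value is sent as a bound parameter, so the driver never parses it as SQL text.
      No replace() calls are needed and quotes or slashes cannot end the string early. --->
<cfquery datasource="myDsn">
    INSERT INTO CP_WASIS (IDWASIS, IDCP, IDDeveloper, WASdef)
    VALUES (
        <cfqueryparam value="#wasisid#"   cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#id#"        cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#developer#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#Wasdef#"    cfsqltype="cf_sql_longvarchar">
    )
</cfquery>

<!--- Round-trip check: read the row back and compare it with what was submitted. --->
<cfquery name="check" datasource="myDsn">
    SELECT WASdef
    FROM CP_WASIS
    WHERE IDWASIS = <cfqueryparam value="#wasisid#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif check.recordCount EQ 1 AND compare(check.WASdef, Wasdef) EQ 0>
    <cfoutput>Stored value matches the input exactly.</cfoutput>
<cfelse>
    <cfoutput>Stored value differs from the input.</cfoutput>
</cfif>
```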