Comments on: Best Reason to Use CFQueryParam: Avoid Odd SQL Parsing by ColdFusion

By: Gordon

Gordon — Sun, 25 Dec 2011 15:06:25 +0000

You provide some very useful information. Thank you for sharing.

By: Pinched Nerve Symptoms

Pinched Nerve Symptoms — Sun, 30 Oct 2011 03:28:54 +0000

Thanks for the help. Now go get an ice pack for your head, haha

By: Hamlet

Hamlet — Thu, 15 Sep 2011 14:59:21 +0000

Thanks for posting. We had the same problem – fixing it now.

By: Parker

Parker — Wed, 14 Sep 2011 21:47:26 +0000

Thank you for the tip! Very helpful!!

By: Josh

Josh — Wed, 18 May 2011 15:42:13 +0000

It could be many things, but check to see if s/he is using any weird characters. For instance, sometimes when people type some content in Word and copy/paste it, all of the smart quotes and long dashes and so on get copied in, and sometimes your database or ODBC/JDBC connection won’t like that. Just one thing to check.

By: Ted Daniels

Ted Daniels — Wed, 18 May 2011 15:32:35 +0000

I thought this was my solution to a problem where the narrative report of all but one officers is stored correctly in the database, but most of the reports of that single officer just will not save (CF8/MSSQL). Tried the above solution, but still the same results, so still scratching my head!!Suggestions welcome, other than firing that one officer! Obviously I have to sit down with him to try to figure out what he is doing differently than the others.

By: Noahsarkive

Noahsarkive — Fri, 29 Apr 2011 20:27:29 +0000

Me too! I used it in conjuction with PreserveSingleQuotes() as in

By: Sheila

Sheila — Thu, 21 Apr 2011 16:55:22 +0000

You just solved my problem! I’m using CF9. So this is still a problem.

By: Josh

Josh — Mon, 11 Apr 2011 16:37:10 +0000

Glad to hear it!! This can be a real tough one to figure out!

By: susan

susan — Mon, 11 Apr 2011 14:03:03 +0000

forever in your debt for saving my Monday morning!

By: sam

sam — Sat, 28 Aug 2010 10:46:25 +0000

Thanks for the article … i like the way you write (this is what ive got, this is the answer). We we’re having repeated trouble with our CMS when using basic punctuation, and more and more single quotes would be added each time the item was saved. Using cfqueryparam fixed it nicely, and now we have all our field matched to mysql input types. very good. as you were…

By: stewart

stewart — Mon, 12 Jan 2009 22:32:10 +0000

We just saw this issue today after posting a new major revision and doing a import test, looks like someone forgot a cfqueryparam and it almost caused us to roll back the whole site.

By: shakti

shakti — Fri, 31 Oct 2008 04:41:14 +0000

thanks mate. had the same problem and kept looking in Cf administrator and sql permissions. added queryparam and worked straight away. i’ll use it religiously from nw on. thanks again for the post..

By: ike

ike — Wed, 29 Oct 2008 19:32:24 +0000

Nice article.

Something similar happens on the database side with MySQL. It turns out that MySQL uses the backslash as an escape character so having as an example, C:\some\directory in a string literal in an insert query will cause a similar problem at the database level.

I believe there is a way to escape them, but why put yourself through the hassle of doing something extra when it’s going to make your code less portable (i.e. MySQL-specific).

You could instead use cfqueryparam and that will keep your code portable and take care of the escaping for you.

Or just pick an ORM tool like DataFaucet that will put all the cfqueryparam tags in for you and make the application more portable at the same time.