Single Quotes and SQL Statements

Single quotes delimit string literals in SQL, so a single quote that is part of the data inside a SQL statement must be escaped (in most databases by doubling it to ''). ColdFusion does this for you: when a variable is referenced inside a cfquery tag, any single quotes in its value are escaped automatically, so a name such as O'Brien does not break the query. But what about the cases where you do not want that escaping, for example when you assemble an entire SQL statement in a string variable and the single quotes in it are the delimiters, not data? Then the automatic escaping would double the delimiters themselves and the statement would no longer parse. For that situation ColdFusion provides the PreserveSingleQuotes() function, which takes a string and passes it to the database exactly as is, unescaped. The caveat is that this also switches off the one protection the escaping gave you: if any part of that string came from user input, the input reaches the database unescaped and can terminate the literal and append its own SQL. Use PreserveSingleQuotes() only on SQL you built entirely from trusted values, and bind anything user-supplied with cfqueryparam instead. (Applies to: ColdFusion All)
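The following CFML is an added example and is not code from the original page. It contrasts the three cases described above: the automatic escaping inside cfquery, a whole statement passed through PreserveSingleQuotes(), and the same query written with cfqueryparam so that no escaping question arises. The datasource name app, the table users and the column lastname are assumed names, and the attacker string is constructed for illustration.

```cfml
<!--- Added example (not from the original page). Assumed names: datasource "app",
      table "users", column "lastname". --->
<cfset searchName = "O'Brien">

<!--- 1. Automatic escaping: ColdFusion doubles the quote inside the variable, so
      the SQL actually sent is   WHERE lastname = 'O''Brien'   and the query works. --->
<cfquery name="q1" datasource="app">
    SELECT id, lastname FROM users
    WHERE lastname = '#searchName#'
</cfquery>

<!--- 2. Whole statement built in a string. The single quotes here are delimiters,
      so the automatic escaping would corrupt them; PreserveSingleQuotes() sends
      the string to the database unchanged. Safe only because every part of this
      string is a constant under our control. --->
<cfset sql = "SELECT id, lastname FROM users WHERE lastname = 'O''Brien'">
<cfquery name="q2" datasource="app">
    #PreserveSingleQuotes(sql)#
</cfquery>

<!--- 3. The hazard. Constructed attacker input (assumed to arrive via a URL or form
      field) is concatenated into the statement. With PreserveSingleQuotes() the
      quote in the input is NOT doubled, so the database receives
          WHERE lastname = 'x' OR '1'='1'
      and the predicate is rewritten. Left commented out deliberately. --->
<cfset untrusted = "x' OR '1'='1">
<cfset badSql = "SELECT id, lastname FROM users WHERE lastname = '" & untrusted & "'">
<!---
<cfquery name="qBad" datasource="app">
    #PreserveSingleQuotes(badSql)#
</cfquery>
--->

<!--- 4. Preferred form for user-supplied values: cfqueryparam binds the value as a
      typed parameter, so quotes in the data are never interpreted as SQL syntax. --->
<cfquery name="q3" datasource="app">
    SELECT id, lastname FROM users
    WHERE lastname = <cfqueryparam value="#untrusted#" cfsqltype="cf_sql_varchar">
</cfquery>
```

Note that the automatic escaping in case 1 only helps when the variable sits inside a quoted literal; a value dropped into an unquoted position such as WHERE id = #url.id# has no quote to escape and is just as exposed as case 3, which is another reason to prefer cfqueryparam throughout.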