Status/Resolution/Reason: Closed/Won't Fix/LowImpact
Reporter/Name(from Bugbase): Daryl Banttari / Daryl Banttari (cfprimer_guy)
Created: 01/06/2009
Versions: 9.0
Failure Type: Unspecified
Found In Build/Fixed In Build: 0000 /
Priority/Frequency: Normal / Unknown
Locale/System: English / Platforms All
Vote Count: 1
Problem:
Query().setSQL() does not automatically escape quotes the way <cfquery> does. Not sure if this is really a "bug" per se, but didn't want the behavior to go unlogged.
For my two cents, I'd hope people would use named or numbered parameters when using setSQL().
Method:
name = "Daryl's Test";
qry = new Query();
qry.setDatasource("testDSN");
qry.setSQL("SELECT * FROM TestTable WHERE Name = '#name#'");
qry.execute();
Result:
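Added example (not part of the original report): the interpolated setSQL() call from the Method above, placed beside the parameterized forms the reporter recommends. Datasource name, table and column are the report's own; the cfqueryparam tag version is included only for contrast with the behaviour <cfquery> gives for free.

```cfml
<cfscript>
name = "Daryl's Test";   // a value containing a single quote

// 1. As reported: the value is interpolated into the SQL string before
//    setSQL() sees it. Unlike <cfquery>, Query.cfc does not double the
//    embedded quote, so the statement sent to the database is
//      SELECT * FROM TestTable WHERE Name = 'Daryl's Test'
//    which is a syntax error here and, with attacker-controlled input,
//    lets the input change the statement (SQL injection).
unsafe = new Query();
unsafe.setDatasource("testDSN");
unsafe.setSQL("SELECT * FROM TestTable WHERE Name = '#name#'");

// 2. Named parameter: the SQL text never contains the value; the driver
//    binds it, so the quote is data, not syntax.
named = new Query();
named.setDatasource("testDSN");
named.setSQL("SELECT * FROM TestTable WHERE Name = :name");
named.addParam(name="name", value=name, cfsqltype="cf_sql_varchar");
namedResult = named.execute().getResult();

// 3. Positional (numbered) parameter: same protection, "?" placeholders
//    bound in the order addParam() is called.
positional = new Query();
positional.setDatasource("testDSN");
positional.setSQL("SELECT * FROM TestTable WHERE Name = ?");
positional.addParam(value=name, cfsqltype="cf_sql_varchar");
positionalResult = positional.execute().getResult();
</cfscript>

<!--- Tag equivalent: <cfquery> auto-escapes '#name#' inside quotes, but
      cfqueryparam is still the right tool, because it binds rather than
      escapes and also enforces the column's type. --->
<cfquery name="tagResult" datasource="testDSN">
    SELECT * FROM TestTable
    WHERE Name = <cfqueryparam value="#name#" cfsqltype="cf_sql_varchar">
</cfquery>
```

A quick check when reviewing CFScript queries: any `#...#` inside a setSQL() string literal is a candidate for conversion to addParam().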
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3037172
External Customer Info:
External Company:
External Customer Name: Daryl Banttari
External Customer Email: 63180D784462A9A5992015D5
External Test Config: 01/06/2009
Attachments:
Comments: