bobsmith123
IS-IT--Management
I am trying to build an SQL query dynamically, I know this is not a good idea, but its for an ad-hoc report. And I am getting hung up on needing quotes around some of the variables. For example, I am passing in a variable from a form, #form.name# and I am tryingt to build a query in the following way
<cfset strQuery = "SELECT ID FROM TABLE ">
<cfset strQueryWhere = "WHERE firstName = '#form.name'">
<cfset query = #strQuery# & #strQueryWhere#>
<cfquery name="myQuery" datasource="myDataSource">
#query#
</cfquery>
Now, I have a feeling it has to do with how the quotes are in te strQueryWhere variable, but I cannot figure it out. This works for integers, just not for strings that need quotes around them. Any help would be appreciated. Thanks.
<cfset strQuery = "SELECT ID FROM TABLE ">
<cfset strQueryWhere = "WHERE firstName = '#form.name'">
<cfset query = #strQuery# & #strQueryWhere#>
<cfquery name="myQuery" datasource="myDataSource">
#query#
</cfquery>
Now, I have a feeling it has to do with how the quotes are in te strQueryWhere variable, but I cannot figure it out. This works for integers, just not for strings that need quotes around them. Any help would be appreciated. Thanks.