
I am working on software where I cannot create a new member (i.e. a person) with special characters in the surname. For example, the surname cannot be "O'Connor", because it contains a special character. But that type of surname can be added to the database directly.

I am using ColdFusion and PostgreSQL 9.3. It works if I remove the "cleantrim" function before the surname in the code, but that is a temporary solution. Can anyone help me with how to do it?

    '#Call.tSurName#',
    '#TrimCleanValue(Call.tFirstName)#',
    '#TrimCleanValue(Call.tMiddleName)#',
    '#TrimCleanValue(Call.tPReferredName)#',
    '#TrimCleanValue(Call.tScoutingName)#',
    '#TrimCleanValue(Call.tPostNominal)#',
    '#Call.tTitle#',
Leigh

1 Answer


You should be using cfqueryparam for all database inserts, especially for anything coming from the client. Not only does cfqueryparam help prevent SQL injection, it also escapes quotes and can help make your queries faster.

<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tSurName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tFirstName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tMiddleName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tPReferredName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tScoutingName#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tPostNominal#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#Call.tTitle#">
Matt Busche
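The complete INSERT as it would look with every client-supplied value bound through cfqueryparam, as an added example that is not part of the question or the answer above. The table name "member", its column names, and the "application.dsn" datasource are assumptions; the form fields are the ones from the question. The apostrophe in a surname such as O'Connor is sent to PostgreSQL as bound data rather than as part of the SQL text, so it needs no stripping or escaping in the application.

```cfml
<!--- Added example, not the asker's or the answerer's code.
      Assumed: table "member", its column names, and application.dsn. --->
<cfquery datasource="#application.dsn#" result="insertResult">
    INSERT INTO member (surname, first_name, middle_name, preferred_name,
                        scouting_name, post_nominal, title)
    VALUES (
        <!--- The surname is bound as a parameter: "O'Connor" is stored as typed,
              and no quote in it can terminate the SQL string literal. --->
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tSurName)#" maxlength="100">,
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tFirstName)#" maxlength="100">,
        <!--- Optional fields: null="true" sends SQL NULL when the field is left empty,
              instead of storing an empty string. --->
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tMiddleName)#"
                      null="#NOT Len(Trim(Call.tMiddleName))#" maxlength="100">,
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tPReferredName)#"
                      null="#NOT Len(Trim(Call.tPReferredName))#" maxlength="100">,
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tScoutingName)#"
                      null="#NOT Len(Trim(Call.tScoutingName))#" maxlength="100">,
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tPostNominal)#"
                      null="#NOT Len(Trim(Call.tPostNominal))#" maxlength="50">,
        <cfqueryparam cfsqltype="cf_sql_varchar" value="#Trim(Call.tTitle)#"
                      null="#NOT Len(Trim(Call.tTitle))#" maxlength="50">
    )
</cfquery>
```

Trim() replaces the whitespace trimming that TrimCleanValue was doing, and maxlength gives the database driver an upper bound on each value before the row reaches PostgreSQL; the lengths above are placeholders to match the real column sizes. A quick check after deploying this is to create a member whose surname contains an apostrophe and confirm that the row is stored exactly as entered; the same bound parameter also ensures that a value like `x' OR '1'='1` is stored as a literal string rather than interpreted as SQL.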