Change style:

Big /
Small

Posted By

andrewbowley on 07/31/07

Tagged

form database insert db query

Versions (?)

Inserting from a form into a database

/ Published in: ColdFusion

Expand | Embed | Plain Text

<cfquery datasource="turpinsshoutbox" username="root">
    INSERT INTO comment(poster, email, msg)
    VALUES ('#Form.poster#', '#Form.email#', '#Form.msg#')
</cfquery>
<cflocation url="shoutbox.cfm" addToken="No">

Report this snippet Tweet

Comments

Subscribe to comments

Posted By: deepdown on April 17, 2009

You should use cfqueryparam to avoid SQL injection. Furthermore if #form.msg# contains a single quote it breaks the code.

The cfsqltype attribute in cfqueryparam is optional by the way :)

` INSERT INTO comment(poster, email, msg) VALUES (, , )

`

Posted By: deepdown on April 17, 2009



INSERT INTO comment(poster, email, msg)
VALUES (, , )

										
											Comment:
						
					You need to login to post a comment.




	
		
			Code Snippets/
			
			Extras/

			Snipplr Blog/
			
			About Snipplr
			
			
		
	



	Choose a language for easy browsing:
	
		ActionScript
ActionScript 3
Apache
AppleScript
ASP
Assembler
AutoIt
Awk
Bash
C
C#
C++
Clojure
ColdFusion
CSS
Delphi
Diff
Django
DOS Batch
Emacs Lisp
eZ Publish
Forth
Fortran
Gnuplot
Groovy
HAML
Haskell
HTML
iPhone
Java
JavaScript
jQuery
LaTeX
lighttpd
Lisp
Lua
Makefile
MatLab
Maxscript
Mel
MXML
MySQL
NewtonScript
Objective C
Open Firmware
Other
Pascal
Perl
PHP
PicBasic
PL/SQL
Processing
Prolog
Pseudocode
Python
R
Rails
Regular Expression
Revolution
Ruby
SAS
SASS
Scala
Scheme
SmallTalk
Smarty
SML
SPSS
SQL
SVN
Symfony
TCL
Textpattern
TYPO3
VB.NET
VHDL
Visual Basic
W-Language
Windows PowerShell
Windows Registry
XHTML
XML
XSLT