Posted By: andrewbowley on 07/31/07

Tagged: form database insert db query


Inserting from a form into a database


Published in: ColdFusion

  <cfquery datasource="turpinsshoutbox" username="root">
  INSERT INTO comment(poster, email, msg)
  VALUES ('#Form.poster#', '#Form.email#', '#Form.msg#')
  </cfquery>
  <cflocation url="shoutbox.cfm" addToken="No">

Comments

Posted By: deepdown on April 17, 2009

You should use cfqueryparam to avoid SQL injection. Furthermore, if #form.msg# contains a single quote it breaks the code.

The cfsqltype attribute in cfqueryparam is optional by the way :)

`INSERT INTO comment(poster, email, msg) VALUES (, , )`

Posted By: deepdown on April 17, 2009

INSERT INTO comment(poster, email, msg) VALUES (, , )
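
The cfqueryparam approach deepdown recommends, written out as an added example (not the original poster's or the commenter's code). The datasource, table and field names come from the snippet above; the column lengths, the validation rules and the least-privilege datasource account are assumptions.

```cfml
<!--- Added example. Column lengths (50/100/500) are assumed, not taken from the real schema. --->
<cfparam name="form.poster" type="string" default="">
<cfparam name="form.email"  type="string" default="">
<cfparam name="form.msg"    type="string" default="">

<cfset poster = trim(form.poster)>
<cfset email  = trim(form.email)>
<cfset msg    = trim(form.msg)>

<!--- Reject missing or malformed input before touching the database. --->
<cfset errors = []>
<cfif len(poster) EQ 0 OR len(poster) GT 50>
  <cfset arrayAppend(errors, "poster must be 1-50 characters")>
</cfif>
<cfif NOT isValid("email", email) OR len(email) GT 100>
  <cfset arrayAppend(errors, "email is not valid")>
</cfif>
<cfif len(msg) EQ 0 OR len(msg) GT 500>
  <cfset arrayAppend(errors, "msg must be 1-500 characters")>
</cfif>

<cfif arrayLen(errors) GT 0>
  <!--- The messages are fixed strings, so no user input is echoed back. --->
  <cfheader statuscode="400" statustext="Bad Request">
  <cfoutput>#arrayToList(errors, "; ")#</cfoutput>
  <cfabort>
</cfif>

<!--- Each value is sent as a bound parameter, so a quote in form.msg stays data
      and never becomes part of the SQL text. maxlength makes cfqueryparam throw
      if a value is longer than the column allows.
      No username attribute here: the datasource is assumed to be configured in the
      ColdFusion Administrator with an account limited to INSERT on comment,
      instead of root. --->
<cfquery datasource="turpinsshoutbox">
  INSERT INTO comment (poster, email, msg)
  VALUES (
    <cfqueryparam value="#poster#" cfsqltype="cf_sql_varchar" maxlength="50">,
    <cfqueryparam value="#email#"  cfsqltype="cf_sql_varchar" maxlength="100">,
    <cfqueryparam value="#msg#"    cfsqltype="cf_sql_varchar" maxlength="500">
  )
</cfquery>
<cflocation url="shoutbox.cfm" addToken="No">
```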
