Comments on snippet: 'Inserting from a form into a database' Snipplr comments feed https://snipplr.com/ Sun, 05 Apr 2026 21:19:59 +0000 deepdown said on 17/Apr/2009 https://snipplr.com/view/3427/inserting-from-a-form-into-a-database <p>You should use cfqueryparam to avoid SQL injection. Furthermore if #form.msg# contains a single quote it breaks the code. The cfsqltype attribute in cfqueryparam is optional by the way :) ` INSERT INTO comment(poster, email, msg) VALUES (, , ) `</p> Fri, 17 Apr 2009 11:25:55 UTC https://snipplr.com/view/3427/inserting-from-a-form-into-a-database deepdown said on 17/Apr/2009 https://snipplr.com/view/3427/inserting-from-a-form-into-a-database <p><code> INSERT INTO comment(poster, email, msg) VALUES (, , ) <code></p> Fri, 17 Apr 2009 11:27:29 UTC https://snipplr.com/view/3427/inserting-from-a-form-into-a-database