ColdFusion adding extra quotes when constructing database queries in strings

Front-end · Unresolved · 4 · 1471
南方客 2020-11-27 23:13

I am coding in ColdFusion, but trying to stay in cfscript, so I have a function that allows me to pass in a query to run it with #query#

4 replies
  •  暗喜 (OP)
     2020-11-27 23:40

    The answer to your question, as others have said, is using preserveSingleQuotes(...)

    However, the solution you actually want, is not to dynamically build your queries in this fashion. It's Bad Bad Bad.

    Put your SQL inside the cfquery tags, with any ifs/switches/etc as appropriate, and ensure all CF variables use the cfqueryparam tag.

    (Note, if you use variables in the ORDER BY clause, you'll need to manually escape any variables; cfqueryparam can't be used in ORDER BY clauses)
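
The dynamic-string pattern the answer warns against, next to the cfqueryparam form it recommends, as an added example that is not part of the original thread. It assumes a datasource named myDsn, a users table, and form fields name, minId and sort; all of these are hypothetical. The cfscript version uses queryExecute(), which takes the same bind parameters as cfqueryparam and so also fits the asker's wish to stay in cfscript; the ORDER BY column is picked from a fixed allow-list, since the answer notes that clause cannot be parameterised.

```cfml
<!--- Added example, not from the original thread. Datasource "myDsn",
      table "users" and the form fields are hypothetical. --->

<!--- Vulnerable: the value is spliced into the SQL text. preserveSingleQuotes()
      switches off ColdFusion's automatic doubling of single quotes, so a quote
      inside form.name ends the string literal and whatever follows it runs as SQL. --->
<cfset sql = "SELECT id, name FROM users WHERE name = '" & form.name & "'">
<cfquery name="q" datasource="myDsn">
    #preserveSingleQuotes(sql)#
</cfquery>

<!--- Hardened, tag form: the SQL is static text. Each variable goes through
      cfqueryparam, which sends it to the driver as a bind parameter, never as
      part of the statement; conditional clauses are still plain cfif blocks. --->
<cfquery name="q" datasource="myDsn">
    SELECT id, name
    FROM users
    WHERE name = <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="100">
    <cfif structKeyExists(form, "minId")>
        AND id >= <cfqueryparam value="#form.minId#" cfsqltype="cf_sql_integer">
    </cfif>
</cfquery>

<!--- Hardened, cfscript form: queryExecute() takes the same bind parameters as a
      struct, so the SQL string still contains no user-supplied data. --->
<cfscript>
    // ORDER BY cannot be bound, so map the requested column onto a fixed
    // allow-list and fall back to a default instead of escaping user input.
    allowedSort = { "name": "name", "id": "id" };
    sortCol = "id";
    if (structKeyExists(form, "sort") && structKeyExists(allowedSort, form.sort)) {
        sortCol = allowedSort[form.sort];
    }

    q = queryExecute(
        "SELECT id, name FROM users WHERE name = :name ORDER BY " & sortCol,
        { name: { value: form.name, cfsqltype: "cf_sql_varchar", maxlength: 100 } },
        { datasource: "myDsn" }
    );
</cfscript>
```

The allow-list replaces escaping for the ORDER BY case: only a value that exactly matches a known column name reaches the SQL text, so there is nothing left to escape.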
