>> WHERE PlayerNumber = '#FORM.PlayerNumber#'

Using raw form data in a query leaves your site open to injection attacks. You should ALWAYS use cfqueryparam.

WHERE PlayerNumber = <cfqueryparam value="#FORM.PlayerNumber#" cfsqltype="CF_SQL_VARCHAR">

Dennis Powers
UXB Internet - A website design and Hosting Company
http://www.uxbinternet.com/

Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3342
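
The advice above as a complete query, shown as an added example that is not part of the original post. The table `Players`, the column `PlayerName`, the datasource variable `application.dsn` and the 10-character limit are assumptions made for illustration.

```cfm
<!--- Added example. Players, PlayerName, application.dsn and the
      10-character limit are assumed names/values, not from the post. --->
<cfparam name="FORM.PlayerNumber" type="string" default="">

<!--- Reject empty or over-long input before it reaches the database --->
<cfset playerNumber = Trim(FORM.PlayerNumber)>
<cfif Len(playerNumber) EQ 0 OR Len(playerNumber) GT 10>
    <cfthrow type="InvalidInput" message="PlayerNumber is missing or too long.">
</cfif>

<!--- BEFORE (injectable): the form value is pasted into the SQL text,
      so the database parses whatever the client sent as part of the statement.
<cfquery name="getPlayer" datasource="#application.dsn#">
    SELECT PlayerNumber, PlayerName
    FROM   Players
    WHERE  PlayerNumber = '#FORM.PlayerNumber#'
</cfquery>
--->

<!--- AFTER: the value travels as a bound parameter, separate from the SQL
      text. maxlength makes ColdFusion raise an error on over-long values
      before the statement is sent. --->
<cfquery name="getPlayer" datasource="#application.dsn#">
    SELECT PlayerNumber, PlayerName
    FROM   Players
    WHERE  PlayerNumber = <cfqueryparam value="#playerNumber#"
                                        cfsqltype="CF_SQL_VARCHAR"
                                        maxlength="10">
</cfquery>
```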
