To help with SQL Injection, use <cfqueryparam>. Any query hitting your database where you pass a variable needs to have a <cfqueryparam>:

    select foo from myTable
    where myNumberVariable = <cfqueryparam cfsqltype="cf_sql_numeric" value="#form.foofield#" />

It's real simple to convert your queries... Let me know if you run into problems with cfqueryparam.

On Tue, Mar 11, 2008 at 2:56 PM, Frank Velazquez <[EMAIL PROTECTED]> wrote:
> Will, That's what I'm trying to do... Since I am a Graphic Artist gone
> Developer lol I love visual aid, once the site starts getting recognition
> which is what is expected, I will get a team to improve and make changes
> since I am self taught on all the CF I know. And I know it has taken me prob
> 2 times what would have taken any of you to develop what I have lol, but
> it's cool, once the site opens April First, I'm going to start focusing on
> migrating to MySQL.
>
> If you guys wanna check out my work go to www.uberhunt.com, you will only
> see a count down there, but if you type /beta you will see the site. I also
> made a commercial for it last week www.youtube.com/uberhunters :-)
>
> I'm trying to make my forms secure to prevent injection attacks, but I don't
> know how to use cfparam, and cfqueryparam if any of you know a quick easy way
> to do it.
> The issue with CFPARAM is that I don't know where to place it, is before
> form submission or after. And the same with cfqueryparam.
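
Where the two tags go, shown as an added example that is not part of the original thread: cfparam sits at the top of the page the form posts to (so it runs after submission), and cfqueryparam sits inside the cfquery on that same page. The datasource name myDSN and the query name getFoo are hypothetical; the table, column and form field names are the ones used in the reply above.

```cfml
<!--- Action page: the page named in the form's action attribute.
      Everything here runs AFTER the form has been submitted.
      Added example; "myDSN" and "getFoo" are hypothetical names. --->

<!--- 1. Validate the incoming field before it is used anywhere.
      cfparam with a type and no default throws an error when the field
      is missing or is not of that type, so bad input stops here. --->
<cftry>
    <cfparam name="form.foofield" type="numeric">
    <cfcatch type="any">
        <cfoutput>Please go back and enter a number.</cfoutput>
        <cfabort>
    </cfcatch>
</cftry>

<!--- 2. Bind the value instead of pasting it into the SQL text.
      Unsafe form, for comparison only:
          where myNumberVariable = #form.foofield#
      With cfqueryparam the database receives the value as a typed bind
      parameter, so it is never parsed as part of the statement. --->
<cfquery name="getFoo" datasource="myDSN">
    select foo
    from myTable
    where myNumberVariable =
        <cfqueryparam cfsqltype="cf_sql_numeric" value="#form.foofield#">
</cfquery>

<!--- 3. Use the result. --->
<cfoutput>#getFoo.recordCount# row(s) found.</cfoutput>
```

The cfparam check gives a clean error message for bad input; the cfqueryparam binding is what protects the query, so keep it even on fields that are already validated.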
