Injection is mostly when you take content and use that content in a SQL query. If you are using that variable in a query, use cfqueryparam.
In most cases where you are printing to the screen you will be OK, at least when it comes to ColdFusion.

Really good articles on injection:
http://en.wikipedia.org/wiki/Sql_injection
http://www.sys-con.com/read/165921.htm
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Mike Chytracek
Managing Partner
Ignite Solutions
p. 312.239.0032
c. 815.302.3507
f. 866.839.7896

-----Original Message-----
From: Frank Velazquez [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2008 2:08 PM
To: CF-Newbie
Subject: a bit more into cfqueryparam

Hey guys, what's up? Well, I'm using <cfqueryparam> in my forms now to prevent injection, and everything is working good, but I have a quick question. If I have a <cfoutput> that goes like this:

THIS IS YOU ID NUMBER: <cfoutput>#url.HunterId#</cfoutput>!

Would this get injection issues? If so, how would I fix it?

Thanks.
Frank V
Uberhunt.com

Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3436
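An added example, not code from either poster: the url.HunterId value from the question, bound into a query with cfqueryparam and also encoded with HTMLEditFormat() where it is written into the page, since the same request value ends up in both SQL and HTML. The datasource name (huntDSN), the table (hunters) and its columns are hypothetical.

```cfml
<!--- Added example. Assumed names: datasource "huntDSN", table "hunters",
      columns "hunter_id" and "hunter_name" are hypothetical. --->

<!--- Require the URL parameter and reject anything that is not an integer
      before it is used anywhere on the page. --->
<cfparam name="url.HunterId" type="integer">

<!--- Weak form, shown only for comparison (kept commented out):
      the request value becomes part of the SQL text itself.

      WHERE hunter_id = #url.HunterId#
--->

<!--- Corrected form: cfqueryparam sends the value as a typed bind parameter,
      so it is never parsed as SQL. --->
<cfquery name="getHunter" datasource="huntDSN">
    SELECT hunter_id, hunter_name
    FROM   hunters
    WHERE  hunter_id = <cfqueryparam value="#url.HunterId#"
                                     cfsqltype="cf_sql_integer">
</cfquery>

<!--- Output side: cfqueryparam has no effect here. HTMLEditFormat() encodes
      HTML metacharacters so request or database values are rendered as text,
      not as markup. --->
<cfoutput>
    Your ID number: #HTMLEditFormat(url.HunterId)#!
    <cfif getHunter.recordCount>
        <br>Name: #HTMLEditFormat(getHunter.hunter_name)#
    <cfelse>
        <br>No hunter found for that ID.
    </cfif>
</cfoutput>
```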
