Hi Gabriel,

Thanks so much! I talked to somebody at school today, and he told me that SQL injection attacks are something that you want to protect yourself from. I guess I never knew it was a big deal.

Thanks so much for pointing this out to me.

Thanks again,
John

----- Original Message ----
From: Gabriel <[EMAIL PROTECTED]>
To: CF-Newbie <[email protected]>
Sent: Thursday, July 10, 2008 9:42:44 PM
Subject: RE: CF & MySQL Troubles

John,

The cfqueryparam tag is essential in any dynamic query to protect from SQL injection attacks. The two main arguments used in the tag are cfsqltype and value. The function of value should be pretty clear, and you're right, cfsqltype specifies the datatype - ColdFusion uses this information to make sure that the value entered is valid and automatically escapes single quotes etc. from string values.

Trust me, learn and get into the habit of using it. SQL injection attacks can do massive harm to you, your clients or end users.

    <cfquery name="dynamicQueryExample" datasource="DSN">
        Select somevalue
        From sometable
        Where someothervalue = <cfqueryparam cfsqltype="sometype" value="#dynamicValue#" />
    </cfquery>

Regards,
Gabriel

-----Original Message-----
From: John Barrett [mailto:[EMAIL PROTECTED]
Sent: Friday, 11 July 2008 3:54 PM
To: CF-Newbie
Subject: Re: CF & MySQL Troubles

Hi Gabriel,

Thanks so much for your response. I looked on live docs:
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_p-q_18.html
about the cfqueryparam tag. I have to say I am confused, as it seems this tag tells ColdFusion what the database field is, in this case cf_sql_varchar. This tells CF that the db field is varchar, or another one could be CF_SQL_INTEGER. On live docs Adobe tells using this with cfquery is a good security message, but is there a programming implication to it as well? I am a newbie, and always trying to learn the best ways to do things.
Thanks again,
John

Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:3819
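
The difference discussed in this thread, shown side by side as an added example that is not part of the original messages: a query built by interpolating a request value, followed by the same lookup using cfqueryparam. The users table, its columns, the URL parameter names and the maxlength of 50 are assumptions made for illustration; DSN is the placeholder datasource name used in the thread.

```cfml
<!--- Added example. Table, column and URL parameter names are hypothetical. --->
<cfparam name="url.userId" default="0">
<cfparam name="url.lastName" default="">
<cfparam name="url.statusList" default="active,pending">

<!--- UNSAFE, shown for contrast only: the request value becomes part of the
      SQL text in an unquoted numeric position, so the database parses
      whatever the client sent as part of the statement. --->
<cfquery name="unsafeLookup" datasource="DSN">
    SELECT id, email
    FROM users
    WHERE id = #url.userId#
</cfquery>

<!--- SAFE: each value goes through cfqueryparam, so it is checked against
      cfsqltype and passed to the driver as data, separate from the SQL text. --->
<cftry>
    <cfquery name="safeLookup" datasource="DSN">
        SELECT id, email
        FROM users
        WHERE id = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.userId#">
          AND last_name = <cfqueryparam cfsqltype="cf_sql_varchar"
                                        value="#url.lastName#" maxlength="50">
          <!--- list="true" binds every element of a comma-delimited list separately --->
          AND status IN (<cfqueryparam cfsqltype="cf_sql_varchar"
                                       value="#url.statusList#" list="true">)
    </cfquery>
    <cfoutput>#safeLookup.recordCount# row(s) found</cfoutput>

    <cfcatch type="any">
        <!--- A value that fails the cfsqltype or maxlength check raises an
              error here; answer with a generic message, not the error detail. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfoutput>Invalid request parameter.</cfoutput>
    </cfcatch>
</cftry>
```

The cftry block also touches on the "programming implication" asked about above: with cfsqltype="cf_sql_integer", a non-numeric userId is rejected by ColdFusion as an error the page can handle.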
