Hi there,
I'm using a lot of URL variables in a current project that directly link
into DB statements and so to try and combat attempts by naughty people to
drop all me tables or linking malicious stuff, I'm using CF-Inputfilter, just
like the kind people at Allaire have recommended.
But could anyone tell me the proper syntax for its usage?
What I basically need to do is use it to kill HTML tags in URL variables.
As well as this - I need to stop the addition of attached SQL statements to
the variables so that
"someserver.com/someurl/someapp.cfm?someStr=Ipswich"
could not become
"someserver.com/someurl/someapp.cfm?someStr=Ipswich DELETE * FROM TABLE"
in the wrong hands...
If it was a numeric variable there wouldn't be a problem as I could just do
an IsNumeric, but this string has got me scratching my head (nits
notwithstanding).
Can anyone help?
--
Rich Wild
Senior Web Designer
-------------------------------------------------------
e-mango.com ltd Tel: 01202 587 400
Lansdowne Place Fax: 01202 587 401
17 Holdenhurst Road
Bournemouth Mailto:[EMAIL PROTECTED]
BH8 8EW, UK http://www.e-mango.com
-------------------------------------------------------
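
The concern raised in the message above, shown as an added example that is not part of the original post and does not use CF-Inputfilter: the string URL variable is checked against an allow-list, then bound with `cfqueryparam` so it is passed as data rather than as part of the SQL text. The datasource `myDSN`, the table `offices`, its columns and the 50-character limit are assumptions made for illustration.

```cfml
<!--- Added example. Datasource "myDSN", table "offices" and its columns
      are hypothetical names, not taken from the original post. --->
<cfparam name="URL.someStr" default="">

<!--- Risky form, for comparison only: building the WHERE clause by
      pasting URL.someStr straight into the SQL text lets anything
      appended to the URL value reach the database as part of the
      statement. --->

<!--- Step 1: allow-list validation. A town name is expected, so accept
      only letters, spaces, apostrophes and hyphens, up to 50 characters.
      Angle brackets, semicolons and other markup or SQL punctuation
      fail this check. --->
<cfset cleanTown = Trim(URL.someStr)>
<cfif Len(cleanTown) EQ 0
      OR Len(cleanTown) GT 50
      OR REFind("[^A-Za-z '-]", cleanTown)>
    <cfabort showerror="Invalid value for someStr.">
</cfif>

<!--- Step 2: bind the value as a typed parameter. The database driver
      receives it separately from the statement, so extra words in the
      value are compared against the column as a plain string and are
      never executed. --->
<cfquery name="getOffices" datasource="myDSN">
    SELECT id, town
    FROM offices
    WHERE town = <cfqueryparam value="#cleanTown#"
                               cfsqltype="CF_SQL_VARCHAR"
                               maxlength="50">
</cfquery>

<!--- Step 3: encode on output so any markup stored in the data is
      displayed as text instead of being interpreted by the browser. --->
<cfoutput query="getOffices">
    #HTMLEditFormat(getOffices.town)#<br>
</cfoutput>
```

With this in place, a request for `someStr=Ipswich DELETE * FROM TABLE` passes the character check but only ever searches for a town with that literal name, and returns no rows.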