At 01:47 PM 5/9/00 +0100, Rich Wild wrote:
>I'm just going to quietly top this one for the last time and then I'll give
>it up ;)
>
>There must be someone using it or even using some other sort of URL security
>in their templates.
>
>Anyone give help, advice, flames?

Have you tried:

http://www.allaire.com/Handlers/index.cfm?ID=14558&Method=Full

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606
>-----Original Message-----
>From: Rich Wild [mailto:[EMAIL PROTECTED]]
>Sent: 06 May 2000 10:24
>To: [EMAIL PROTECTED]
>Subject: CF_Inputfilter syntax
>
>
>
>Hi there,
>
>I'm using a lot of URL variables in a current project that directly link
>into DB statements and so to try and combat attempts by naughty people to
>drop all me tables or linking malicious stuff, I'm using CF-Inputfilter, just
>like the kind people at Allaire have recommended.
>
>But could anyone tell me the proper syntax for its usage?
>
>What I basically need to do is use it to kill HTML tags in URL variables
>
>As well as this - I need to stop the addition of attached SQL statements to
>the variables so that
>
>"someserver.com/someurl/someapp.cfm?someStr=Ipswich"
>
>could not become
>
>"someserver.com/someurl/someapp.cfm?someStr=Ipswich DELETE * FROM TABLE"
>
>in the wrong hands...
>
>If it was a numeric variable there wouldn't be a problem as I could just do
>an IsNumeric, but this string has got me scratching my head (nits
>notwithstanding).
>
>Can anyone help?
>
>
>--
>Rich Wild
>Senior Web Designer
>
>-------------------------------------------------------
>e-mango.com ltd Tel: 01202 587 400
>Lansdowne Place Fax: 01202 587 401
>17 Holdenhurst Road
>Bournemouth Mailto:[EMAIL PROTECTED]
>BH8 8EW, UK http://www.e-mango.com
>-------------------------------------------------------
>
>----------------------------------------------------------------------------
>--
>Archives: http://www.eGroups.com/list/cf-talk
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
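
Added example, not part of the thread and not Allaire's code: one way to handle a string URL variable such as `someStr` in a ColdFusion template, using the built-in `<cfqueryparam>` tag and `HTMLEditFormat()` rather than the custom tag asked about. The datasource, table, column and variable names are assumptions.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "branches",
      columns "town" and "phone", local variable "townParam". --->

<!--- 1. Allow-list the shape of the value before it is used anywhere.
         Letters, spaces, apostrophes and hyphens only, 50 characters at most. --->
<cfparam name="URL.someStr" default="">
<cfset townParam = Trim(URL.someStr)>
<cfif Len(townParam) EQ 0 OR Len(townParam) GT 50 OR REFind("[^A-Za-z' -]", townParam)>
    <!--- Values containing *, ;, <, >, digits and so on stop here,
          which includes "Ipswich DELETE * FROM TABLE". --->
    <cfabort showerror="Invalid town name.">
</cfif>

<!--- 2. Bind the value instead of pasting it into the SQL text.
         A value made only of letters and spaces still passes step 1,
         so this is the control that matters: the driver sends the
         parameter as data and it is compared against the column,
         never parsed as part of the statement. --->
<cfquery name="getBranches" datasource="appDSN">
    SELECT town, phone
    FROM branches
    WHERE town = <cfqueryparam value="#townParam#" cfsqltype="CF_SQL_VARCHAR" maxlength="50">
</cfquery>

<!--- 3. Encode on output, so markup in a URL variable or in stored data
         is displayed as text rather than interpreted by the browser. --->
<cfoutput>
    <p>Results for #HTMLEditFormat(townParam)#: #getBranches.RecordCount#</p>
</cfoutput>
<cfoutput query="getBranches">
    <p>#HTMLEditFormat(getBranches.town)# - #HTMLEditFormat(getBranches.phone)#</p>
</cfoutput>
```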