Do we have anything to worry about if someone enters a SQL command into a form field or URL?
Like the form is collecting a user's ID and passing the user's ID to this action page:

SELECT * FROM users WHERE user = #FORM.user#

Can someone enter into the form field:

9; DROP TABLE users;

Thus creating on the action side:

SELECT * FROM users WHERE user = 9; DROP TABLE users;

Has MM protected us from this kind of attack or do we have to protect ourselves with val().. etc...?
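
The query from the post beside two guarded forms, as an added example that is not part of the original message: val(), which the post mentions, and a bound parameter with cfqueryparam. The datasource name myDSN and the query names are placeholders; whether a second statement in the unguarded form actually runs depends on the database and driver.

```cfml
<!--- Added example, not from the original post. "myDSN" is a placeholder. --->
<cfparam name="FORM.user" default="">

<!---
  Pattern from the post (left commented out): the form value becomes part of
  the SQL text itself, so FORM.user = "9; DROP TABLE users;" produces
  SELECT * FROM users WHERE user = 9; DROP TABLE users;

  <cfquery name="qUnsafe" datasource="myDSN">
      SELECT * FROM users WHERE user = #FORM.user#
  </cfquery>
--->

<!---
  Guard 1: val() keeps only the leading numeric part of the string
  (or returns 0), so the input above is reduced to 9. The trailing text
  is silently dropped and the query still runs for user 9.
--->
<cfquery name="qVal" datasource="myDSN">
    SELECT * FROM users WHERE user = #val(FORM.user)#
</cfquery>

<!---
  Guard 2: cfqueryparam sends the value as a bound parameter, separate
  from the SQL text, and checks it against the declared type. A value
  that is not an integer raises an error instead of reaching the database.
--->
<cftry>
    <cfquery name="qBound" datasource="myDSN">
        SELECT * FROM users
        WHERE user = <cfqueryparam value="#FORM.user#" cfsqltype="CF_SQL_INTEGER">
    </cfquery>
    <cfoutput>#qBound.recordCount# row(s) found.</cfoutput>

    <cfcatch type="any">
        <!--- Rejected input: show a generic message, no SQL or error detail. --->
        <cfoutput>Invalid user ID.</cfoutput>
    </cfcatch>
</cftry>
```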

