Protect yourself. Depending on someone else will get you in trouble.

On Wed, 31 Jul 2002, Chad Gray wrote:
> Do we have anything to worry about if someone enters a SQL command into
> a form field or URL?
>
> Like the form is collecting a user's ID and passing the user's ID to this
> action page:
>
> SELECT *
> FROM users
> WHERE user = #FORM.user#
>
> Can someone enter into the form field:
>
> 9; DROP TABLE users;
>
> Thus creating on the action side:
>
> SELECT *
> FROM users
> WHERE user = 9; DROP TABLE users;
>
> Has MM protected us from this kind of attack or do we have to protect
> ourselves with val().. etc...?
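
An added example, not part of the original thread and not ColdFusion code: the action-page query from the question, rebuilt in Python with sqlite3 standing in for the ColdFusion datasource. It contrasts putting the form field into the SQL text with restricting it to a whole number and binding it as a parameter; the table contents and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a small users table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(9, "chad"), (10, "dana")])
    db.commit()
    return db

def table_exists(db, name="users"):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def lookup_interpolated(db, form_user):
    """Mirrors WHERE user = #FORM.user#: the field text becomes part of the SQL."""
    sql = "SELECT * FROM users WHERE user = " + form_user
    # Assumption: the backend accepts several ';'-separated statements in one
    # request. executescript() models that; results of the SELECT are discarded.
    db.executescript(sql)

def lookup_bound(db, form_user):
    """The field is sent as a bound value, so it is never parsed as SQL."""
    return db.execute("SELECT * FROM users WHERE user = ?", (form_user,)).fetchall()

def lookup_validated(db, form_user):
    """Accept only a whole number, then bind it (validation plus binding)."""
    if not re.fullmatch(r"[0-9]+", form_user.strip()):
        raise ValueError("user must be a whole number")
    return lookup_bound(db, int(form_user))

if __name__ == "__main__":
    field = "9; DROP TABLE users;"  # the form input quoted in the question
    db = make_db()
    print("bound lookup rows:", lookup_bound(db, field), "table kept:", table_exists(db))
    try:
        lookup_validated(db, field)
    except ValueError as exc:
        print("validated lookup rejected input:", exc)
    lookup_interpolated(db, field)
    print("after interpolated lookup, table kept:", table_exists(db))
```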

