You're welcome

-----Original Message-----
From: Ryan Kime <[EMAIL PROTECTED]>
To: CF-Talk <[EMAIL PROTECTED]>
Date: Wednesday, July 31, 2002 3:35 PM
Subject: RE: CF and passing SQL commands through a form

>That's it, thanks Bryan.
>
>-----Original Message-----
>From: Bryan F. Hogan [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 31, 2002 2:16 PM
>To: CF-Talk
>Subject: Re: CF and passing SQL commands through a form
>
>
>In my opinion this is the way to go:
>http://www.sys-con.com/coldfusion/article.cfm?id=398
>
>-----Original Message-----
>From: Ryan Kime <[EMAIL PROTECTED]>
>To: CF-Talk <[EMAIL PROTECTED]>
>Date: Wednesday, July 31, 2002 3:22 PM
>Subject: RE: CF and passing SQL commands through a form
>
>
>>Use <cfqueryparam> for validation purposes. I've seen docs on this, but
>>can't remember where off the top of my head.
>>
>>
>>-----Original Message-----
>>From: Chad Gray [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, July 31, 2002 2:07 PM
>>To: CF-Talk
>>Subject: CF and passing SQL commands through a form
>>
>>
>>Do we have anything to worry about if someone enters a SQL command into
>>a form field or URL?
>>
>>Like the form is collecting a user's ID and passing the user's ID to this
>>action page:
>>
>>SELECT *
>>FROM users
>>WHERE user = #FORM.user#
>>
>>Can someone enter into the form field:
>>
>>9; DROP TABLE users;
>>
>>Thus creating on the action side:
>>
>>SELECT *
>>FROM users
>>WHERE user = 9; DROP TABLE users;
>>
>>Has MM protected us from this kind of attack or do we have to protect
>>ourselves with val().. etc...?
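
The <cfqueryparam> approach recommended in this thread, applied to the action page from the original question. This is an added example, not code posted by anyone on the list; the datasource name "myDSN" and the 400 response are assumptions.

```cfml
<!--- Action page: look up one user by the numeric ID posted from the form. --->

<!--- Before (from the question): the form value is spliced into the SQL
      text, so the database parses whatever was typed as part of the statement.

      <cfquery name="getUser" datasource="myDSN">
          SELECT *
          FROM users
          WHERE user = #FORM.user#
      </cfquery>
--->

<!--- After, step 1: make sure the field exists, then reject anything that
      is not a short run of digits before the database is touched. --->
<cfparam name="FORM.user" default="">

<cfif NOT REFind("^[0-9]{1,9}$", FORM.user)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid user ID.</cfoutput>
    <cfabort>
</cfif>

<!--- Step 2: pass the value as a bound parameter. cfqueryparam checks it
      against the declared type and sends it to the driver as data, so text
      such as "9; DROP TABLE users;" can never become part of the SQL. --->
<cftry>
    <cfquery name="getUser" datasource="myDSN">
        SELECT *
        FROM users
        WHERE user = <cfqueryparam value="#FORM.user#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfoutput>#getUser.RecordCount# matching user(s).</cfoutput>

    <cfcatch type="any">
        <!--- Type-check or database failure: show a generic message, not the error detail. --->
        <cfoutput>The lookup could not be completed.</cfoutput>
    </cfcatch>
</cftry>
```

The digit check and the bound parameter overlap on purpose: the first gives a clean error for bad input, the second is what keeps the value out of the SQL text even if the check is later loosened or removed.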

