You didn't happen to take the phrase from, say, a Word document, paste it
into a form field, and then submit it?

> -----Original Message-----
> From: Chad Gray [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:01 PM
> To: CF-Talk
> Subject: RE: watching a form for illegal SQL characters
>
>
> Yikes...
> <cfqueryparam value="#Form.SubLongDesc#" cfsqltype="CF_SQL_LONGVARCHAR"
> maxlength="255">
>
> Turned this type:
>
> The soft, meditative light from our 3� x 3� pillars
>
> Into This type:
>
> The soft, meditative light from our 3�?�?�?¢�?¢â�?�š�?¬�?�??�? x
> 3�?�?�?¢�?¢â�?�š�?¬�?¢â�?�ž�?¢ pillars can
>
> The database type is nText 16.  I will assume CF_SQL_LONGVARCHAR was the
> wrong option to pick?
>
>
> -----Original Message-----
> From: Paul Giesenhagen [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 01, 2002 4:38 PM
> To: CF-Talk
> Subject: Re: watching a form for illegal SQL characters
>
> Nope, CFQUERYPARAM is a super great tag, it has many pluses, but the
> interesting one is that it boosts performance on queries.  It's kinda
> in between not using stored procedures and stored procedures ... it allows
> the database server to prefigure-out the query so it doesn't have to do it
> over and over ... thus a performance boost ... there are also some security
> reasons to use it.
>
> Paul Giesenhagen
> QuillDesign
>
> ----- Original Message -----
> From: "Chad Gray" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, August 01, 2002 4:35 PM
> Subject: RE: watching a form for illegal SQL characters
>
>
> > Is that a new tag?  I see it mentioned a few times and I have never used
> > it.  I will start reading.  :)
> >
> > -----Original Message-----
> > From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 4:30 PM
> > To: CF-Talk
> > Subject: Re: watching a form for illegal SQL characters
> >
> > Chad Gray wrote:
> > > Can anyone recommend a good way to filter " ' etc out of forms so on the
> > > action page the SQL does not crash?
> >
> > cfqueryparam
> >
> > Jochem
> >
> >
> >
>
> 
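
Added example, not written by anyone in this thread: Python's sqlite3 module stands in for cfquery/cfqueryparam to show why the quotes need no filtering once the form value is bound as a parameter instead of pasted into the SQL text. The table and column names, the sample text, and the way the length check mirrors the maxlength attribute are assumptions made for illustration.

```python
import sqlite3

# Constructed sample input modelled on the thread: straight and curly quotes.
SAMPLE = 'The soft, meditative light from our 3\u2019 x 3\u2019 "pillars" isn\'t harsh'


def make_db():
    """In-memory database with a hypothetical products table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, long_desc TEXT)")
    return db


def insert_concatenated(db, text):
    """Paste the form text into the SQL string (the pattern that 'crashes').

    A quote inside the text ends the string literal early, so the database
    sees a malformed statement. Returns True if the statement ran.
    """
    try:
        db.execute("INSERT INTO products (long_desc) VALUES ('" + text + "')")
        return True
    except sqlite3.Error:
        return False


def insert_bound(db, text, maxlength=255):
    """Send SQL with a placeholder and pass the value separately.

    The value never becomes part of the SQL text, so quotes are plain data.
    The length check is an assumed analogue of cfqueryparam's maxlength.
    """
    if len(text) > maxlength:
        raise ValueError("value exceeds maxlength")
    cur = db.execute("INSERT INTO products (long_desc) VALUES (?)", (text,))
    return cur.lastrowid


def read_back(db, row_id):
    """Fetch the stored description for comparison with the input."""
    row = db.execute("SELECT long_desc FROM products WHERE id = ?", (row_id,))
    return row.fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("concatenated insert ran:", insert_concatenated(db, SAMPLE))
    rid = insert_bound(db, SAMPLE)
    print("bound insert round-trips:", read_back(db, rid) == SAMPLE)
```
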