You could try this SQL injection related UDF from cflib.org: http://www.cflib.org/udf.cfm?ID=612
At 05:41 PM 03/09/02 +0200, you wrote:
>Matt Robertson wrote:
> > In the past I've used the CodeCleaner custom tag to scrub form inputs.
> > Recently I've expanded my use of CFQUERYPARAM to include values in SQL
> > UPDATE and INSERT statements, rather than just for the WHERE clause.
> >
> > Does cfqueryparam eliminate the need to scrub the code? My gut feeling
> > is 'yes' for cfsqltype=cf_sql_numeric and an emphatic 'NO' for
> > cfsqltype=cf_sql_varchar. Any confirmation/correction would be
> > appreciated.
>
>cfqueryparam eliminates the need for scrubbing. It might or might not,
>depending on your requirements, eliminate the need for trimming.
>
>Jochem
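The pattern discussed in this thread, as an added example that is not part of the original messages: an UPDATE and an INSERT in which every value, including the cf_sql_varchar ones, is bound through cfqueryparam, with trimming done separately. The datasource variable `request.dsn`, the `articles` table, its columns, the form fields and the `saveError` variable are assumptions made for the illustration.

```cfml
<!--- Added example; datasource, table, columns and form fields are hypothetical. --->
<cfparam name="form.id" default="0">
<cfparam name="form.title" default="">
<cfparam name="form.body" default="">

<!--- Binding does not trim: leading and trailing whitespace is stored as sent,
      so trim explicitly if the application requires it. --->
<cfset title = Trim(form.title)>
<cfset body = Trim(form.body)>
<cfset saveError = "">

<cftry>
  <!--- Each value travels to the driver as a typed bind parameter, not as SQL text,
        so quotes or SQL keywords inside title/body are stored as plain data. --->
  <cfquery datasource="#request.dsn#">
    UPDATE articles
    SET title = <cfqueryparam value="#title#" cfsqltype="cf_sql_varchar" maxlength="100">,
        body  = <cfqueryparam value="#body#" cfsqltype="cf_sql_longvarchar">
    WHERE id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_numeric">
  </cfquery>

  <!--- Same binding in an INSERT: one cfqueryparam per value in the VALUES list. --->
  <cfquery datasource="#request.dsn#">
    INSERT INTO articles (title, body)
    VALUES (
      <cfqueryparam value="#title#" cfsqltype="cf_sql_varchar" maxlength="100">,
      <cfqueryparam value="#body#" cfsqltype="cf_sql_longvarchar">
    )
  </cfquery>

  <cfcatch type="any">
    <!--- Reached when cfqueryparam rejects a non-numeric id or an over-length title
          before the statement runs, and also on database errors. --->
    <cfset saveError = "The record could not be saved.">
  </cfcatch>
</cftry>
```

Binding only controls how the value reaches the database; escaping the stored text when it is later written into HTML is a separate step.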

