I remember a couple of threads about this topic; however, I never have any luck with the archives. What approaches have you taken to stop SQL insertion attacks? Our current thinking is to check for a set of certain characters (*, ', &, etc.) and make the user remove those characters before submitting a template. One of my questions regarding this approach is: Can you loop through each input form field (in JavaScript? in ColdFusion?) in some sort of array that contains form variables and ensure all potentially malicious characters are removed before form submission? What I am trying to avoid is checking each form field separately, and I would like the code to be portable to many applications, hopefully in a cfinclude on each page that contains input fields. Your input/help is greatly appreciated.
Thanks!
Casey Cook
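The single-pass check over all form fields that the post asks about, as an added example that is not part of the original post: one function scans every submitted field for the characters the post names (`*`, `'`, `&`). The function name, field names and sample values are constructed for illustration.

```javascript
// Added example: scan every submitted field in one pass instead of
// checking each field separately. The characters come from the post
// (* ' &); the field names and values below are constructed sample data.
const DISALLOWED = ["*", "'", "&"];

// Returns [{ field, chars }] for each field whose value contains a
// disallowed character. `fields` is a plain object of name -> value,
// the shape a form collection has on either the client or the server.
function findRejectedFields(fields, disallowed = DISALLOWED) {
  const rejected = [];
  for (const [field, value] of Object.entries(fields)) {
    const text = String(value ?? "");
    const chars = disallowed.filter((c) => text.includes(c));
    if (chars.length > 0) rejected.push({ field, chars });
  }
  return rejected;
}

// Browser wiring (assumption: a standard <form> element named `form`):
//   form.addEventListener("submit", (e) => {
//     const bad = findRejectedFields(Object.fromEntries(new FormData(form)));
//     if (bad.length) e.preventDefault(); // then list bad fields for the user
//   });

// Constructed sample submission.
const sample = {
  firstName: "Casey",
  lastName: "O'Brien",      // legitimate surname, still rejected
  company: "Smith & Sons",  // legitimate company name, still rejected
  search: "cold*",
  age: 42,                  // non-string values are coerced before checking
};

for (const { field, chars } of findRejectedFields(sample)) {
  console.log(`${field}: remove ${chars.join(" ")}`);
}
```

Rejecting characters this way also turns away legitimate values such as the surname in the sample, and the same check has to run again on the server, since a request can reach it without the page's script running.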

