cfqueryparam is the answer. I have seen the Light!
> -----Original Message-----
> From: Casey C Cook [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 09, 2002 10:52 AM
> To: CF-Talk
> Subject: SQL Insertion attacks
>
>
> I remember a couple threads about this topic, however, I never have any
> luck with the archives. What approaches have you taken to stop SQL
> insertion attacks? Our current thinking is to check for a set of certain
> characters (*,',&, etc) and make the user remove those characters before
> submitting a template. One of my questions regarding this approach is: Can
> you loop through each input form field (in JavaScript? in ColdFusion?) in
> some sort of array that contains form variables and ensure all potentially
> malicious characters are removed before form submission? What I am trying
> to avoid is checking each form field separately and I would like the code
> to be portable to many applications, hopefully in a cfinclude on each page
> that contains input fields. Your input/help is greatly appreciated.
>
> Thanks!
> Casey Cook
>
>
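
The approach the reply names, as an added example that is not part of the original thread: a ColdFusion template with the interpolated query (disabled, kept for comparison) beside the `cfqueryparam` version. The datasource `appDSN`, the `users` table and its columns, and the form field names are assumptions made for illustration.

```cfml
<!--- Added example, not from the thread. Hypothetical names: datasource "appDSN",
      table "users" (user_id INT, username VARCHAR(50), email),
      form fields userId and username. --->
<cfparam name="form.userId" default="0">
<cfparam name="form.username" default="">

<!--- BEFORE (vulnerable, left disabled inside this comment):
      form.userId is pasted into the SQL text, so the database parses whatever
      the field contains as SQL. Filtering * ' & does not help here, because an
      unquoted numeric position needs none of those characters.

<cfquery name="getUser" datasource="appDSN">
    SELECT user_id, username, email
    FROM users
    WHERE user_id = #form.userId#
</cfquery>
--->

<!--- AFTER: each value is sent as a typed bind parameter, separate from the
      SQL text, so it is never parsed as part of the statement. --->
<cftry>
    <cfquery name="getUser" datasource="appDSN">
        SELECT user_id, username, email
        FROM users
        WHERE user_id  = <cfqueryparam value="#form.userId#" cfsqltype="CF_SQL_INTEGER">
          AND username = <cfqueryparam value="#form.username#" cfsqltype="CF_SQL_VARCHAR" maxlength="50">
    </cfquery>

    <!--- Encode on output as well; binding protects the query, not the page. --->
    <cfoutput query="getUser">
        #HTMLEditFormat(getUser.username)# (#HTMLEditFormat(getUser.email)#)<br>
    </cfoutput>

    <cfcatch type="any">
        <!--- cfqueryparam throws on a non-integer userId or a username longer
              than maxlength, before the statement reaches the database.
              type="any" also catches database errors, so log the detail
              server-side and show the user only a generic message. --->
        <cflog file="application" type="warning" text="getUser rejected: #cfcatch.message#">
        <cfoutput>The request could not be processed.</cfoutput>
    </cfcatch>
</cftry>
```

Because the binding happens at each query, no loop over the form scope or per-page character filter is needed for the SQL to be safe.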