Thanks to everybody who answered. I think the problem with searching is that sometimes you need to know the answer before you can ask the question.
I've used CFQUERYPARAM... but I didn't know that may be one of the reasons 'TO' use it. I learn something every day.

Thanks again.

--
Jillian

-----Original Message-----
From: Bryan Stevenson [mailto:bryan@;electricedgesystems.com]
Sent: Tuesday, November 05, 2002 4:48 PM
To: CF-Talk
Subject: Re: Sanitize - Prevent SQL Injection

Well...search the CF-Talk archives....this has been beaten to death ;-)

There are all kinds of theories/etc. but take a look at CFQUERYPARAM...it takes care of a whole lot of potential problems.

HTH

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

---------------------------------------------------------
Macromedia Associate Partner
www.macromedia.com
---------------------------------------------------------
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com

----- Original Message -----
From: "Jillian Carroll" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, November 05, 2002 2:29 PM
Subject: Sanitize - Prevent SQL Injection

> This may seem like a novice question... but is there a need/procedure for
> sanitizing data in CF to prevent SQL injection?
>
> I've searched everywhere and I can't find any information on this.
>
> --
> Jillian
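What the CFQUERYPARAM advice in this thread looks like in a template, as an added example that is not from either poster: a query built by interpolating request data, next to the same query with bound parameters. The datasource appDSN, the users table and the url/form field names are hypothetical.

```cfml
<!--- Added example. Datasource "appDSN", table "users" and the request
      field names (url.id, form.email, form.ids) are hypothetical. --->

<!--- Before: the request value is interpolated into the SQL text, so the
      database parses whatever the client sent as part of the statement. --->
<cfquery name="getUserUnsafe" datasource="appDSN">
    SELECT user_id, email
    FROM users
    WHERE user_id = #url.id#
</cfquery>

<!--- After: the value is sent as a bound parameter, separate from the SQL
      text. cfsqltype also makes ColdFusion validate the value first, so a
      non-integer id raises an error before any statement is executed. --->
<cftry>
    <cfquery name="getUser" datasource="appDSN">
        SELECT user_id, email
        FROM users
        WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="CF_SQL_INTEGER">
    </cfquery>
    <cfcatch type="any">
        <!--- Reject the request without echoing the input or the DB error. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- Strings: bind as VARCHAR and cap the length at the column width. --->
<cfquery name="findByEmail" datasource="appDSN">
    SELECT user_id
    FROM users
    WHERE email = <cfqueryparam value="#form.email#" cfsqltype="CF_SQL_VARCHAR" maxlength="254">
</cfquery>

<!--- IN (...) clauses: list="yes" binds each list element as its own
      typed parameter instead of pasting the list into the SQL. --->
<cfquery name="getUsersByIds" datasource="appDSN">
    SELECT user_id, email
    FROM users
    WHERE user_id IN (<cfqueryparam value="#form.ids#" cfsqltype="CF_SQL_INTEGER" list="yes">)
</cfquery>
```

CFQUERYPARAM binds values only; table names, column names and ORDER BY targets cannot be parameterized this way and need to be chosen from a fixed allowlist in code.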

