RE: all records deleted from table

Tue, 04 Feb 2003 14:39:26 -0800 

yes.. I also check for some info first before you can even hit the delete
file

-----Original Message-----
From: Ryan Sabir [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 2:30 PM
To: CF-Talk
Subject: RE: all records deleted from table


Are you type checking the variables that get passed into your queries?

If those variables came from a form submission or a URL parameter it would
be simple for a malicious user to hack some code into those queries that can
delete all the data..

Could this have been caused by a naughty hacker?

-----Original Message-----
From: Tim Do [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 5 February 2003 9:31 AM
To: CF-Talk
Subject: all records deleted from table


Hi all,

I ran into a big problem this morning when I found out that all the data
from my table were somehow deleted.  I wanted to make sure that it wasn't my
code so I did an extended search for "delete from tablename" and "delete
tablename" in my code and I'm positive that there is only one instance that
I do a delete from this table.  I had this happen a long while ago to the
same exact table.  Here is my delete page, any ideas on how this could've
happened would be greatly appreciated.


<CFQUERY NAME="getTenantCoding" DATASOURCE="#rentDSN#">
        SELECT CItem
        FROM CodeOfUnits
        WHERE CItem=#CItem# AND UnitNo='#UnitNo#'
</CFQUERY>

<CFIF getTenantCoding.recordCount GT "1">

        <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
                DELETE CodeOfUnits
                WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
        </CFQUERY>

        <CFSET notice="Tenant info has successfully been deleted!">

<CFELSE>

        <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
                DELETE CodeOfUnits
                WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
        </CFQUERY>

        <CFQUERY NAME="deleteTenant" DATASOURCE="#rentDSN#">
                DELETE Tenant
                WHERE CImproveNo=#caseNo# AND UnitNo='#UnitNo#'
        </CFQUERY>

        <CFSET notice="Tenant info has successfully been deleted!">

</CFIF>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm

                                Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to