Yeah, that's my thought as well. Take a look at your web logs and see if
someone was playing around with putting SQL in the URL...

-- 
 jon
 mailto:[EMAIL PROTECTED]

Tuesday, February 4, 2003, 5:30:27 PM, you wrote:
RS> Are you type checking the variables that get passed into your queries?

RS> If those variables came from a form submission or a URL parameter it would
RS> be simple for a malicious user to hack some code into those queries that can
RS> delete all the data.

RS> Could this have been caused by a naughty hacker?

RS> -----Original Message-----
RS> From: Tim Do [mailto:[EMAIL PROTECTED]]
RS> Sent: Wednesday, 5 February 2003 9:31 AM
RS> To: CF-Talk
RS> Subject: all records deleted from table


RS> Hi all,

RS> I ran into a big problem this morning when I found out that all the data
RS> from my table were somehow deleted.  I wanted to make sure that it wasn't my
RS> code so I did an extended search for "delete from tablename" and "delete
RS> tablename" in my code and I'm positive that there is only one instance that
RS> I do a delete from this table.  I had this happen a long while ago to the
RS> same exact table.  Here is my delete page, any ideas on how this could've
RS> happened would be greatly appreciated.


RS> <CFQUERY NAME="getTenantCoding" DATASOURCE="#rentDSN#">
RS>         SELECT CItem
RS>         FROM CodeOfUnits
RS>         WHERE CItem=#CItem# AND UnitNo='#UnitNo#'
RS> </CFQUERY>

RS> <CFIF getTenantCoding.recordCount GT "1">

RS>         <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
RS>                 DELETE CodeOfUnits
RS>                 WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
RS>         </CFQUERY>

RS>         <CFSET notice="Tenant info has successfully been deleted!">

RS> <CFELSE>

RS>         <CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
RS>                 DELETE CodeOfUnits
RS>                 WHERE UnitNo='#UnitNo#' AND CItem=#CItem#
RS>         </CFQUERY>

RS>         <CFQUERY NAME="deleteTenant" DATASOURCE="#rentDSN#">
RS>                 DELETE Tenant
RS>                 WHERE CImproveNo=#caseNo# AND UnitNo='#UnitNo#'
RS>         </CFQUERY>

RS>         <CFSET notice="Tenant info has successfully been deleted!">

RS> </CFIF>

RS> 
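
The type checking RS asks about, applied to the posted delete page with CFQUERYPARAM, as an added example that is not part of the original thread. The column types and the MAXLENGTH value are assumptions inferred from how the original queries quote each value.

```cfml
<!--- Added example, not the poster's code.
      Assumptions: CItem and CImproveNo are integer columns, UnitNo is a
      character column of at most 10 characters (hypothetical length). --->

<!--- CFPARAM with a TYPE and no DEFAULT throws if the variable is missing
      or fails the type check, so the page stops before any query runs. --->
<CFPARAM NAME="CItem"  TYPE="numeric">
<CFPARAM NAME="caseNo" TYPE="numeric">
<CFPARAM NAME="UnitNo" TYPE="string">

<CFQUERY NAME="getTenantCoding" DATASOURCE="#rentDSN#">
        SELECT CItem
        FROM CodeOfUnits
        WHERE CItem = <CFQUERYPARAM VALUE="#CItem#" CFSQLTYPE="CF_SQL_INTEGER">
          AND UnitNo = <CFQUERYPARAM VALUE="#UnitNo#" CFSQLTYPE="CF_SQL_VARCHAR" MAXLENGTH="10">
</CFQUERY>

<!--- Both branches of the original page delete from CodeOfUnits,
      so that delete is written once here. --->
<CFQUERY NAME="deleteTenatCoding" DATASOURCE="#rentDSN#">
        DELETE CodeOfUnits
        WHERE UnitNo = <CFQUERYPARAM VALUE="#UnitNo#" CFSQLTYPE="CF_SQL_VARCHAR" MAXLENGTH="10">
          AND CItem = <CFQUERYPARAM VALUE="#CItem#" CFSQLTYPE="CF_SQL_INTEGER">
</CFQUERY>

<!--- Same condition as the original CFELSE branch: the Tenant row is
      removed only when the lookup did not return more than one record. --->
<CFIF getTenantCoding.recordCount LTE 1>
        <CFQUERY NAME="deleteTenant" DATASOURCE="#rentDSN#">
                DELETE Tenant
                WHERE CImproveNo = <CFQUERYPARAM VALUE="#caseNo#" CFSQLTYPE="CF_SQL_INTEGER">
                  AND UnitNo = <CFQUERYPARAM VALUE="#UnitNo#" CFSQLTYPE="CF_SQL_VARCHAR" MAXLENGTH="10">
        </CFQUERY>
</CFIF>

<CFSET notice="Tenant info has successfully been deleted!">
```

Each value is sent to the database as a bound parameter rather than as part of the SQL text, and a CItem or caseNo that is not an integer raises an error instead of reaching the query.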