I just noticed that the HTML is removed from the message so you won't see the items in red.
CItem=#CItem# is where the problem lies.

Talking about security..... I know to:
- always use val() with integers in my queries
- always filter ANY data submitted, including hidden fields
- use regEx to remove any invalid chars from submitted data
- use regEx to replace characters like & to &amp;, < to &lt;, > to &gt;, " to &quot;, ' to · (have not found the right equivalent to ' yet) when these characters are to be used in submitted data

What about UNICODE and MS SQL server, can anyone enlighten me on that one? And if possible point out any possible holes I might have missed?

TIA
Taco Fleur
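The checklist above, worked through as an added example that is not part of the original message: it assumes CItem=#CItem# sits in a query's WHERE clause, and the datasource, table, column and form field names are hypothetical. Values are bound with cfqueryparam on the way into the database and entity-encoded only on the way out to HTML, with &#39; as the numeric reference for the single quote.

```cfml
<!--- Added example. Datasource, table, column and form field names are hypothetical. --->
<cfparam name="url.CItem" default="0">
<cfparam name="form.CommentText" default="">

<!--- Integer input: Val() coerces to a number, and cfqueryparam binds it
      as a typed parameter instead of splicing it into the SQL text. --->
<cfquery name="getItem" datasource="exampleDSN">
    SELECT ItemID, ItemName
    FROM Items
    WHERE CItem = <cfqueryparam value="#Val(url.CItem)#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input: stored as submitted, bound as a parameter with a length cap.
      cfqueryparam throws if the value is longer than maxlength. --->
<cfquery name="addComment" datasource="exampleDSN">
    INSERT INTO ItemComments (CItem, CommentText)
    VALUES (
        <cfqueryparam value="#Val(url.CItem)#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#form.CommentText#" cfsqltype="cf_sql_varchar" maxlength="500">
    )
</cfquery>

<!--- Output: encode at the point of writing into HTML. HTMLEditFormat() covers
      the & < > " characters; the single quote is replaced with &#39; separately.
      The pound sign is doubled inside the CFML string literal. --->
<cfset safeComment = Replace(HTMLEditFormat(form.CommentText), "'", "&##39;", "all")>
<cfoutput>
    <p>Item #Val(url.CItem)#: #safeComment#</p>
</cfoutput>
```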

