And make sure you use the "cfqueryparam" tag in the WHERE clause for your DELETE statement.

-----Original Message-----
From: Michael Traher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 10:52 AM
To: CF-Talk
Subject: RE: Best method for securely deleting a record

One possibility, if you are concerned about the ID being tampered with, is to send it in several different ways and compare them all in the action page: hidden field, URL and, if possible, create a form field whose _name_ contains the ID. A tamperer is less likely to change all instances. If any do not match, reject the delete.

Michael Traher
Systems Manager
ICLP (London)

-----Original Message-----
From: Angel Stewart [mailto:[EMAIL PROTECTED]
Sent: 16 September 2003 15:39
To: CF-Talk
Subject: Best method for securely deleting a record

Hey all,

I've done this many times before, but I am now doing an application where I need to be a bit more careful with regards to security.

What's the best way to delete a record?

When you Insert a record that's fine... no trouble there. Updating? You could forward the ID as a Form field, and again there's not a real issue.

But deleting. Don't want to pass the ID as a URL, so it can't be done from an HREF link. What's the best way to do this from a single form, perhaps the same form that performs the Modify feature?

Is it OK to pass an ID for a record to be deleted in the Form scope? Or could the ID be set as a temporary Session variable that the delete action section would detect and perform the delete on?

How do you all handle this?

-Gel
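
The cfqueryparam advice at the top of this thread, as an added example that is not part of the original messages: a delete action page that accepts the ID only from a form POST, binds it as a typed parameter, and takes the record owner from the session rather than from the request. The names `delete_action.cfm`, `records`, `record_id`, `owner_id`, `application.dsn`, `session.userID` and `form.recordID` are assumptions made for illustration.

```cfm
<!--- delete_action.cfm (added example; table, column, datasource
      and session variable names are assumptions) --->

<!--- Accept the delete only from a form POST, never from a link (GET) --->
<cfif cgi.request_method NEQ "POST" OR NOT structKeyExists(form, "recordID")>
    <cfheader statuscode="405" statustext="Method Not Allowed">
    <cfabort>
</cfif>

<!--- Reject anything that is not a plain integer before it reaches the database --->
<cfif NOT isValid("integer", form.recordID)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Confirm the record belongs to the logged-in user. The owner value
      comes from the session, so changing the submitted ID cannot reach
      another user's rows. --->
<cfquery name="qOwned" datasource="#application.dsn#">
    SELECT record_id
    FROM   records
    WHERE  record_id = <cfqueryparam value="#form.recordID#" cfsqltype="cf_sql_integer">
    AND    owner_id  = <cfqueryparam value="#session.userID#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif qOwned.recordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Both values are bound parameters, so the submitted ID is never
      concatenated into the SQL text. The owner condition is repeated
      so the DELETE is safe even if this block is reused without the
      check above. --->
<cfquery datasource="#application.dsn#">
    DELETE FROM records
    WHERE  record_id = <cfqueryparam value="#form.recordID#" cfsqltype="cf_sql_integer">
    AND    owner_id  = <cfqueryparam value="#session.userID#" cfsqltype="cf_sql_integer">
</cfquery>
```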

