requirement for verifying the data type is, almost all queries that use a
variable are using one that you as the programmer have passed to it and
therefore have control of its verification before it ever gets to the query.
Even if it is posted from a form, we have the data validation of the CFFORM
tag and the CFINPUT types.
I also don't understand the 'unauthorized users' bit. Surely any query you
write and execute in a cfm page would have the ColdFusion server as the
user; therefore, if the query is being run, your unauthorised user has already
bypassed your ColdFusion security and ColdFusion will be authorised as far
as the DB is concerned.
I realise I must be missing the point here but would appreciate it if
someone could clarify for me.
--
Jay
> Verifies the data type of a query parameter and, for DBMSs that support
> bind variables, enables ColdFusion to use bind variables in the SQL
> statement. Bind variable usage enhances performance when executing a
> cfquery statement multiple times.
>
> This tag is nested within a cfquery tag, embedded in a query SQL
> statement.
> If you specify optional parameters, this tag performs data validation.
>
> Macromedia recommends that you use the cfqueryparam tag within every
> cfquery tag, to help secure your databases from unauthorized users.
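
Added example, not part of the original message or of the Macromedia documentation: the same query written without and with cfqueryparam, showing where the server-side type check and the bind variable from the quoted text come in. The datasource `appDSN`, the table `orders` and the request values `url.orderId` and `url.status` are assumed names for illustration.

```cfml
<!--- Assumed names (not from the post): datasource "appDSN", table "orders",
      request values url.orderId and url.status. --->

<!--- Without cfqueryparam (shown for contrast only): the request value is
      spliced into the SQL text, so the DBMS parses whatever the client sent
      as part of the statement. The query still runs under the ColdFusion
      server's database login, whoever made the request. --->
<cfquery name="qInterpolated" datasource="appDSN">
    SELECT order_id, status
    FROM orders
    WHERE order_id = #url.orderId#
</cfquery>

<!--- With cfqueryparam: ColdFusion checks each value against the declared
      cfsqltype on the server before the query is sent and, where the DBMS
      supports it, passes the value as a bind variable. The value is then
      data only and never part of the SQL text. --->
<cftry>
    <cfquery name="qBound" datasource="appDSN">
        SELECT order_id, status
        FROM orders
        WHERE order_id = <cfqueryparam value="#url.orderId#"
                                       cfsqltype="CF_SQL_INTEGER">
          AND status   = <cfqueryparam value="#url.status#"
                                       cfsqltype="CF_SQL_VARCHAR"
                                       maxlength="20">
    </cfquery>

    <cfoutput query="qBound">
        #qBound.order_id#: #HTMLEditFormat(qBound.status)#<br>
    </cfoutput>

    <cfcatch type="any">
        <!--- A value that fails the type or length check raises an error
              here and the query is never executed. Reject the request
              without echoing the submitted value back. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

The check in the second query runs on the server at query time, so it applies however the request was produced, including requests that never passed through the page's own form.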

