>
> // SQL injection keywords
> SQL_exp="[ ;](insert +into.+values|drop +table|create +table)";

So if I use "; truncate table ...." I get past your RegEx?
Why keep inventing things that don't work when there is cfqueryparam?

Jochem
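
The following is an added example, not code from either poster. It runs the quoted pattern over two constructed inputs, then stores both through a bound parameter. Python's `sqlite3` placeholder stands in for `cfqueryparam` here, and the `notes` table, the function names and the case-insensitive matching are assumptions.

```python
import re
import sqlite3

# Pattern copied from the quoted message. Case-insensitive matching is an
# assumption (the message does not show how the pattern is applied).
SQL_EXP = re.compile(
    r"[ ;](insert +into.+values|drop +table|create +table)", re.IGNORECASE
)

# Constructed inputs.
MISSED = "x; truncate table notes"  # the statement named in the reply
FALSE_POSITIVE = "Please insert into the form the values you measured"


def filter_flags(value: str) -> bool:
    """Return True when the keyword filter would reject the value."""
    return SQL_EXP.search(value) is not None


def make_db() -> sqlite3.Connection:
    """In-memory database with a hypothetical notes table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    return db


def store_note(db: sqlite3.Connection, body: str) -> int:
    """Insert body through a bound parameter: it travels as data, not SQL text."""
    cur = db.execute("INSERT INTO notes (body) VALUES (?)", (body,))
    db.commit()
    return cur.lastrowid


def read_note(db: sqlite3.Connection, note_id: int):
    row = db.execute("SELECT body FROM notes WHERE id = ?", (note_id,)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Compare the filter's verdict with what a bound parameter does."""
    db = make_db()
    out = {}
    for label, value in (("missed", MISSED), ("false_positive", FALSE_POSITIVE)):
        note_id = store_note(db, value)
        # (filter verdict, value stored byte-for-byte as plain text)
        out[label] = (filter_flags(value), read_note(db, note_id) == value)
    out["rows"] = db.execute("SELECT COUNT(*) FROM notes").fetchone()[0]
    return out


if __name__ == "__main__":
    print(demo())
```

The filter passes the statement from the reply and rejects an ordinary sentence, while the bound parameter stores both as inert text and the table stays intact.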

