Any time you construct a query in CF, use cfqueryparam. As long as the DB supports bind parameters, the query is safe from SQL injection.
Regardless, you still should validate server-side anyway. On 3/10/06, Oleg Gunkin <[EMAIL PROTECTED]> wrote: > I am trying to validate simple data like dates, emails to prevent clients > from dropping my database tables even if they really want to. -- CFAJAX docs and other useful articles: http://jr-holmes.coldfusionjournal.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:234951 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
