+1. Don't rely on stripping, regular expressions or any of that
(although feel free to do those too); use cfqueryparam in every query
and SQL injection is no longer a problem, if your DB genuinely
supports bound parameters.

On 7/31/06, Robertson-Ravo, Neil (RX)
<[EMAIL PROTECTED]> wrote:
> <cfqueryparam>
>
>
>
> -----Original Message-----
> From: Dmitrii Dimandt [mailto:[EMAIL PROTECTED]
> Sent: 31 July 2006 10:35
> To: CF-Talk
> Subject: Sanitize input data for SQL
>
> I need a cffunction similar to PHP's mysql_escape_string that
> sanitizes input data, that is - escapes invalid code so as to prevent
> SQL injection and the like.
>
> Thank you in advance :)

-- 
CFAJAX docs and other useful articles:
http://www.bifrost.com.au/blog/
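As an added illustration of the advice above (example code written for this page, not taken from the thread or from any poster), the two forms side by side: a query that interpolates user input straight into the SQL string, and the same query rewritten with cfqueryparam so the value travels to the driver as a bound parameter and is never parsed as SQL. The datasource name, the users table and its columns are assumed for the example.

```cfml
<!--- Constructed example: the "before" form. The value is pasted into the SQL text,
      so any quote character in arguments.email changes the statement itself. --->
<cffunction name="findUserUnsafe" access="public" returntype="query" output="false">
    <cfargument name="email" type="string" required="true">
    <cfset var q = "">
    <cfquery name="q" datasource="myDSN">   <!--- datasource name is assumed --->
        SELECT id, email, display_name
        FROM users
        WHERE email = '#arguments.email#'
    </cfquery>
    <cfreturn q>
</cffunction>

<!--- The "after" form. cfqueryparam sends the value separately from the SQL text as a
      bound parameter; the database treats it as data, whatever characters it contains.
      cfsqltype also enforces the type: a non-integer passed for cf_sql_integer raises an
      error in ColdFusion before anything reaches the database, and maxlength caps the
      accepted length. --->
<cffunction name="findUser" access="public" returntype="query" output="false">
    <cfargument name="email" type="string" required="true">
    <cfargument name="minId" type="numeric" required="false" default="0">
    <cfset var q = "">
    <cfquery name="q" datasource="myDSN">
        SELECT id, email, display_name
        FROM users
        WHERE email = <cfqueryparam value="#arguments.email#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="254">
          AND id   >= <cfqueryparam value="#arguments.minId#"
                                    cfsqltype="cf_sql_integer">
    </cfquery>
    <cfreturn q>
</cffunction>

<!--- IN (...) clauses are the case people usually fall back to string building for;
      list="true" binds each element of the list as its own parameter instead. --->
<cffunction name="findUsersByIds" access="public" returntype="query" output="false">
    <cfargument name="ids" type="string" required="true">   <!--- e.g. "3,17,42" --->
    <cfset var q = "">
    <cfquery name="q" datasource="myDSN">
        SELECT id, email, display_name
        FROM users
        WHERE id IN (<cfqueryparam value="#arguments.ids#"
                                   cfsqltype="cf_sql_integer"
                                   list="true"
                                   separator=",">)
    </cfquery>
    <cfreturn q>
</cffunction>
```

Usage follows the same shape as the thread's advice: every literal that comes from a request, a form or another external source goes through a cfqueryparam tag, with a cfsqltype matching the column. As the reply notes, the protection is real only when the datasource's driver actually supports bound parameters; where it does not, ColdFusion falls back to escaping the value itself, which is still better than hand-rolled escaping but is not the same guarantee.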

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:248214