Doh. Sometimes gmail don't thread quite right. Only down side is you can't use them in cached queries. I think. :D
On 7/31/06, James Holmes <[EMAIL PROTECTED]> wrote: > > +1. Don't rely on stripping, regular expressions or any of that > (although feel free to do those too); use cfqueryparam in every query > and SQL injection is no longer a problem, if your DB genuinely > supports bound parameters. > > On 7/31/06, Robertson-Ravo, Neil (RX) > <[EMAIL PROTECTED]> wrote: > > <cfqueryparam> > > > > > > > > -----Original Message----- > > From: Dmitrii Dimandt [mailto:[EMAIL PROTECTED] > > Sent: 31 July 2006 10:35 > > To: CF-Talk > > Subject: Sanitize input data for SQL > > > > I need a cffunction similar to PHP's mysql_escape_string that > > sanitizes input data, that is - escapes invalid code so as to prevent > > SQL injection and the like. > > > > Thank you in advance :) > > -- > CFAJAX docs and other useful articles: > http://www.bifrost.com.au/blog/ > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:248278 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
