Well, best of luck with that.

On 8/1/06, Dmitrii Dimandt <[EMAIL PROTECTED]> wrote:
> > +1. Don't rely on stripping, regular expressions or any of that
> > (although feel free to do those too); use cfqueryparam in every query
> > and SQL injection is no longer a problem, if your DB genuinely
> > supports bound parameters.
>
> The problem is that I've started using ColdFusion On Wheels
> (http://cfwheels.com/) which has constructs like these:
>
> <cfset city = model("Cities").findOne(where="id=#id# AND some_other_param=#param#")>
>
> So it is these constructs that I need sanitation for :)
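
The contrast behind the quoted cfqueryparam advice, as an added example that is not part of the original thread and does not use the Wheels API. The function names, the `appdb` datasource, the `cities` table, the `name` column and the column types are assumptions; `id` and `some_other_param` are taken from the quoted snippet.

```cfml
<!--- Added example: plain cfquery wrappers; all names are hypothetical. --->

<!--- Before: the values are spliced into the SQL text, so the database
      parses whatever arrives in id or param as part of the statement. --->
<cffunction name="findCityInterpolated" access="public" returntype="query" output="false">
    <cfargument name="id" required="true">
    <cfargument name="param" required="true">
    <cfset var q = "">
    <cfquery name="q" datasource="appdb">
        SELECT id, name
        FROM cities
        WHERE id = #arguments.id#
          AND some_other_param = '#arguments.param#'
    </cfquery>
    <cfreturn q>
</cffunction>

<!--- After: the SQL text is fixed and each value travels as a typed bind
      parameter. cfqueryparam also rejects a value that does not match its
      cfsqltype, so a non-numeric id raises an error instead of reaching
      the database. --->
<cffunction name="findCity" access="public" returntype="query" output="false">
    <cfargument name="id" type="numeric" required="true">
    <cfargument name="param" type="string" required="true">
    <cfset var q = "">
    <cfquery name="q" datasource="appdb">
        SELECT id, name
        FROM cities
        WHERE id = <cfqueryparam value="#arguments.id#" cfsqltype="cf_sql_integer">
          AND some_other_param = <cfqueryparam value="#arguments.param#"
                                               cfsqltype="cf_sql_varchar" maxlength="50">
    </cfquery>
    <cfreturn q>
</cffunction>

<!--- Caller: request values are passed as data, never concatenated.
      A missing or non-numeric id fails validation and returns HTTP 400. --->
<cftry>
    <cfset city = findCity(id = url.id, param = url.param)>
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```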
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:248379

