I don't have any "scripts" per se, but I usually check the cgi referrer to prevent someone from posting off-site forms to my process scripts. As far as SQL injection goes, cfqueryparam will go a long way to help that... and be careful of the PreserveSingleQuotes() function -- it can make it easier to insert SQL.
Also, in MX7, look into the "Enable Global Script Protection" setting on the settings page of cf admin.

~Brad

-----Original Message-----
From: Rey Bango [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 11:39 AM
To: CF-Talk
Subject: Good script to prevent cross-site scripting & sql injection?

Hi guys,

Any recommendations on a good script to prevent cross-site scripting & sql injection? If someone has good code for this, I'd really appreciate it if I could use it.

Rey...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249025
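
The referrer check and the cfqueryparam versus PreserveSingleQuotes() point from the reply above, as an added CFML example that is not part of the original thread. The datasource appDSN, the users table and the form field names are hypothetical.

```cfml
<!--- Added example. Datasource "appDSN", table "users" and the form fields are hypothetical. --->
<cfparam name="form.lastName" default="">
<cfparam name="form.userId" default="0">

<!--- Referrer check: accept a POST only when CGI.HTTP_REFERER names this host.
      "https://host:port/path" split on "/" gives "https:", "host:port", "path". --->
<cfset refHost = "">
<cfif listLen(cgi.http_referer, "/") GTE 2>
  <cfset refHost = listFirst(listGetAt(cgi.http_referer, 2, "/"), ":")>
</cfif>
<cfif cgi.request_method EQ "POST" AND compareNoCase(refHost, cgi.server_name) NEQ 0>
  <!--- The header is client-supplied: this filters off-site forms, it does not authenticate. --->
  <cfheader statuscode="403" statustext="Forbidden">
  <cfabort>
</cfif>

<!--- Risky pattern: form text is interpolated into the SQL string, and
      PreserveSingleQuotes() switches off the automatic doubling of single
      quotes that cfquery applies to variables, so the value reaches the
      database as SQL text rather than as data. --->
<cfset whereClause = "last_name = '#form.lastName#'">
<cfquery name="qRisky" datasource="appDSN">
  SELECT user_id, last_name
  FROM users
  WHERE #PreserveSingleQuotes(whereClause)#
</cfquery>

<!--- Corrected pattern: every user-supplied value is bound with cfqueryparam.
      The driver sends it as a typed parameter; a non-numeric userId or an
      over-long lastName raises an error before the statement runs. --->
<cfquery name="qSafe" datasource="appDSN">
  SELECT user_id, last_name
  FROM users
  WHERE last_name = <cfqueryparam value="#form.lastName#" cfsqltype="cf_sql_varchar" maxlength="50">
     OR user_id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>
```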

