My example using PreparedStatements.
This makes a "SQL injection attack" a thing of the past and it's also faster.
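// con is an open java.sql.Connection.
// Each value is bound to a ? placeholder instead of being concatenated into the SQL text.
PreparedStatement ps = con.prepareStatement("INSERT INTO MYTABLE VALUES (?,?,?,?)");
ps.setInt(1, 3);
ps.setString(2, "something");
ps.setString(3, "and");
ps.setString(4, "other");
ps.executeUpdate();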
On 8/25/06, Mkruger <[EMAIL PROTECTED]> wrote:
>
> I have a good example of injection and XSS here...
>
>
> http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=security.pyramid.code
>
>
> -----Original Message-----
>
>
>
> So there's the question. Can someone provide an example of a
> working sql injection attack?
>
>
>
>
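
An added illustration, not part of the original thread or any poster's code: the same four-placeholder INSERT, run once with values concatenated into the SQL text and once with bound parameters. It uses Python's built-in sqlite3 so it runs without a database server; the column names, helper names and the crafted value are constructed for the demonstration.

```python
import sqlite3

def new_db():
    # In-memory stand-in for the thread's four-column MYTABLE (column names assumed).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MYTABLE (id INTEGER, a TEXT, b TEXT, c TEXT)")
    return con

def insert_concatenated(con, row_id, a, b, c):
    # Vulnerable "before" form: values are pasted into the SQL text, so a quote
    # inside a value ends the string literal and the rest is parsed as SQL.
    sql = "INSERT INTO MYTABLE VALUES (%d,'%s','%s','%s')" % (row_id, a, b, c)
    con.execute(sql)

def insert_bound(con, row_id, a, b, c):
    # Same shape as the JDBC statement above: four ? markers, values sent separately
    # from the SQL text, so they can only ever be stored as data.
    con.execute("INSERT INTO MYTABLE VALUES (?,?,?,?)", (row_id, a, b, c))

def rows(con):
    return con.execute("SELECT id, a, b, c FROM MYTABLE ORDER BY id").fetchall()

# Constructed input: closes the string literal and the VALUES tuple, then opens a second tuple.
CRAFTED = "other'), (99,'extra','row','here"

def demo():
    bad, good = new_db(), new_db()
    insert_concatenated(bad, 3, "something", "and", CRAFTED)
    insert_bound(good, 3, "something", "and", CRAFTED)
    return rows(bad), rows(good)

if __name__ == "__main__":
    concatenated, bound = demo()
    print("concatenated:", concatenated)  # two rows: the input changed the statement
    print("bound:       ", bound)         # one row: the input was stored verbatim
```

Placeholders bind values only. Table and column names cannot be passed as parameters, so any identifier that varies at run time still has to be checked against a fixed list.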
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251043