But why? What is the point? If cfqueryparam does this all for you? Just
seems like a little overkill for no real gain.


-----Original Message-----
From: Dan Plesse
To: CF-Talk
Sent: Fri Aug 25 17:47:24 2006
Subject: Re: coldfusion sql injection

My example using PreparedStatements.

This makes a "sql injection attack" a thing of the past and it's also faster.


// con is an open java.sql.Connection
PreparedStatement ps = con.prepareStatement("INSERT INTO MYTABLE VALUES (?,?,?,?);");

// Values are bound by position, not concatenated into the SQL text
ps.setInt(1, 3);
ps.setString(2, "something");
ps.setString(3, "and");
ps.setString(4, "other");
ps.executeUpdate();


On 8/25/06, Mkruger <[EMAIL PROTECTED]> wrote:
>
> I have a good example of injection and XSS here...
>
>
>
> http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=security.pyramid.code
>
>
> -----Original Message-----
>
>
>
> So there's the question. Can someone provide an example of a
> working sql injection attack?
>
>
>
> 
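
What binding changes for the four-placeholder INSERT in the PreparedStatement post, as an added example that is not part of the original messages: the same statement is run once with the value concatenated into the SQL text and once bound. It uses Python's sqlite3 in place of JDBC so it runs without a database server; the table layout, function names and sample values are constructed for illustration.

```python
import sqlite3

def new_db():
    # In-memory table standing in for MYTABLE (column names are assumed).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mytable (id INTEGER, a TEXT, b TEXT, c TEXT)")
    return con

def insert_concatenated(con, value):
    # Weak form: the value becomes part of the SQL text the parser sees.
    sql = "INSERT INTO mytable VALUES (3, '" + value + "', 'and', 'other')"
    con.execute(sql)

def insert_bound(con, value):
    # Same shape as the post: four placeholders, values passed separately.
    con.execute("INSERT INTO mytable VALUES (?,?,?,?)",
                (3, value, "and", "other"))

def stored_row(insert, value):
    """Run one insert on a fresh database; return the row or the error name."""
    con = new_db()
    try:
        insert(con, value)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return con.execute("SELECT id, a, b, c FROM mytable").fetchone()

# Constructed sample inputs: a plain value, a value with an apostrophe,
# and a value that carries SQL syntax of its own.
SAMPLES = ["something", "O'Reilly", "x', 'changed', 'by input') --"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value))
        print("  concatenated:", stored_row(insert_concatenated, value))
        print("  bound:       ", stored_row(insert_bound, value))
```

With concatenation the apostrophe breaks the statement and the third value replaces the last two columns; with binding every value is stored unchanged in column a.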




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251045