Hi guys, I'm working on a script to prevent SQL injection code & XSS. The URL that I'm passing looks like this:
/productdisplay.cfm?c1=%27%22%29%3Cscript+id%3D%2280000000%22+%2F%3E

and the value of the query param translates to:

'")<script id="80000000" />

But when I go to use it in the code, I'm getting this:

URL Parameters: C1='")

I've tried all different types of variations to ensure that the passed data is preserved, but it's being truncated somehow. Any help would be appreciated.

This is a tag that I'd like to develop and place it out for the community. It's based on the safetext() cf function from cflib by Nathan Dintenfass, Lena Aleksandrova and Javier Julio. I'm just trying to build a wrapper around it.

Rey...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264871

