Doesn't CF7 provide out-of-the-box features to stop this from happening? I
-----Original Message-----
From: Rey Bango
To: CF-Talk
Sent: Fri Dec 22 04:21:51 2006
Subject: SQL Injection Script

Hi guys,

I'm working on a script to prevent SQL injection code & XSS. The URL that I'm passing looks like this:

/productdisplay.cfm?c1=%27%22%29%3Cscript+id%3D%2280000000%22+%2F%3E

and the value of the query param translates to:

'")<script id="80000000" />

But when I go to use it in the code, I'm getting this:

URL Parameters: C1='")

I've tried all different types of variations to ensure that the passed data is preserved but it's being truncated somehow. Any help would be appreciated.

This is a tag that I'd like to develop and place it out for the community. It's based on the safetext() cf function from cflib by Nathan Dintenfass, Lena Aleksandrova and Javier Julio. I'm just trying to build a wrapper around it.

Rey...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:264876
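An added example, not Rey's tag or the cflib safetext() function, written in Python rather than CFML so it runs anywhere: it decodes the exact URL from the post independently of the application server, compares that with the value the application actually received to show what was cut off, and demonstrates the two defences the script is aiming at, output encoding for HTML and a parameterised SQL query. RAW_URL, the received value '") and the in-memory product table are taken from or constructed for this demo.

```python
import sqlite3
from html import escape
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the post, kept as a constant for the demo.
RAW_URL = "/productdisplay.cfm?c1=%27%22%29%3Cscript+id%3D%2280000000%22+%2F%3E"


def decode_param(url, name):
    """Decode one query parameter straight from the raw URL, bypassing
    whatever the application server did to the URL scope."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name)
    return values[0] if values else None


def detect_truncation(url, name, received):
    """Compare the value the framework handed over with an independent decode.
    Returns (full_value, lost_part); lost_part is '' when nothing was dropped
    and equals full_value when the received value is not even a prefix."""
    full = decode_param(url, name)
    if full is None or received == full:
        return full, ""
    if full.startswith(received):
        return full, full[len(received):]
    return full, full


def safe_for_html(value):
    """Output-encode for an HTML body or attribute: quotes and angle brackets
    become entities, so the browser renders text instead of a tag."""
    return escape(value, quote=True)


def sql_lookup(code):
    """Look the code up with a bound parameter; quotes and parentheses in the
    value stay data, so the statement neither breaks nor changes meaning.
    Uses a constructed in-memory product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (code TEXT, name TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)",
                     [("ABC123", "Widget"), ("XYZ789", "Gadget")])
    rows = conn.execute("SELECT name FROM product WHERE code = ?",
                        (code,)).fetchall()
    conn.close()
    return len(rows)


if __name__ == "__main__":
    full, lost = detect_truncation(RAW_URL, "c1", "'\")")  # value seen in the post
    print("full value :", full)
    print("lost suffix:", lost)
    print("html-safe  :", safe_for_html(full))
    print("rows found :", sql_lookup(full))
```

If detect_truncation reports a lost suffix, the cut happened before the value reached the script, so the filter never saw the part it was written to catch.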

