I am all for reducing attack surfaces.  Even if cfqueryparam's sole
purpose in life is to enhance security, it's worth it.  Never mind the
speed given under load.  Use it as a cheap way to bulletproof your
code and minimize your own personal liability in case it turns out the
hacker is smarter than you thought they would be.  That includes
inputs like #getsite.ID#.  Sure the input *should* come from where you
think it does... but if some clown moves something into the middle of
the picture then you have created a hole that someone can toss a
grenade through.

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com
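
The point about values such as #getsite.ID#, as an added example that is not part of the original post or the poster's code: a value taken from an earlier query is interpolated into SQL text in the first form and bound with cfqueryparam in the second. The datasource `mydsn`, the tables `sites` and `pages`, their columns, and `url.host` are hypothetical names chosen for illustration.

```cfml
<!--- Added example. Datasource, table, column and variable names are hypothetical. --->

<!--- First query: look up the site row. The lookup key is bound, not interpolated. --->
<cfquery name="getsite" datasource="mydsn">
    SELECT ID
    FROM sites
    WHERE hostname = <cfqueryparam value="#url.host#" cfsqltype="cf_sql_varchar" maxlength="255">
</cfquery>

<!--- Before: getsite.ID becomes part of the SQL text. This is safe only while
      "getsite" really is the query above and ID really is numeric. If a later
      change puts another scope, a cached struct or a different column type in
      its place, the statement text changes with the data. --->
<cfquery name="getpages_unbound" datasource="mydsn">
    SELECT title, body
    FROM pages
    WHERE site_id = #getsite.ID#
</cfquery>

<!--- After: the value is sent as a typed bind parameter. The SQL text stays
      constant and ColdFusion rejects anything that is not an integer before
      the statement reaches the database. --->
<cfif getsite.recordCount>
    <cfquery name="getpages" datasource="mydsn">
        SELECT title, body
        FROM pages
        WHERE site_id = <cfqueryparam value="#getsite.ID#" cfsqltype="cf_sql_integer">
    </cfquery>
<cfelse>
    <!--- No matching site: getsite.ID would be an empty string, which fails
          cf_sql_integer validation, so skip the dependent query and return
          an empty result with the same columns. --->
    <cfset getpages = queryNew("title,body", "varchar,varchar")>
</cfif>
```

The constant statement text in the bound form is also what lets the database reuse its execution plan, which is the speed under load mentioned above.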

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:266014