Richard Cooper wrote: > Also, you didn't use the cfqueryparam tag > > Like this: > > '#session.lname#', > <cfqueryparam value="#createodbcdatetime(now())#" cfsqltype="cf_sql_date" />) >
There's no need to use cfqueryparam (as far as I know) in this situation because its not user supplied data. Now() is a CF function as is CreateODBCDateTime, so I don't see any chance for a user to override this value with a malicious one. Am I missing something? Judah ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:267399 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
