On 6/11/07, Dave Watts wrote:
....
> Joel's article covers a lot of ground - the evolution and misappropriation

I read that article every time I chance upon it, and enjoy. Just a great writing style, ta boot.

> And, if you use CFQUERYPARAM or CFPROCPARAM or any other mechanism that lets
> you build prepared statements or their analogues, no SQL injecting will
> happen - the specific purpose of a prepared statement is to separate

While I don't know enough to know, I've seen some Oracle stored procs that pass an entire SQL query as a param... always kind of assumed that was NOT being safe... I'll keep thinking that, even if it's wrong, just cuz it bothers me, in general. =]

Thanks for putting that article out there again, D-man, it is Good Stuff.
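
The stored-procedure pattern raised in the message above, next to a hardened form, as an added example that is not part of the original message or thread. It is Oracle PL/SQL; the `users` table and both procedure names are hypothetical.

```sql
-- Added illustration; table USERS and both procedure names are hypothetical.

-- Pattern described in the message: the caller passes a complete SQL
-- statement as a parameter. Binding p_sql at the call site (for example with
-- CFPROCPARAM) protects only the procedure call; the procedure then parses
-- and runs whatever text arrived, so any user input concatenated into that
-- text upstream is treated as SQL.
CREATE OR REPLACE PROCEDURE run_any_query (
    p_sql    IN  VARCHAR2,
    p_result OUT SYS_REFCURSOR
) AS
BEGIN
    OPEN p_result FOR p_sql;   -- dynamic SQL from caller-supplied text
END;
/

-- Hardened form: the statement text is fixed inside the procedure and the
-- caller supplies only a value. PL/SQL binds p_name as data, so it is never
-- parsed as part of the statement.
CREATE OR REPLACE PROCEDURE find_user_by_name (
    p_name   IN  VARCHAR2,
    p_result OUT SYS_REFCURSOR
) AS
BEGIN
    OPEN p_result FOR
        SELECT id, name
          FROM users
         WHERE name = p_name;
END;
/
```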

