You can't prevent people from trying but you can code to prevent it from messing with your database. Make sure you are using cfqueryparam every place you can or use Stored Procs.
Rick King wrote:
> Hey all,
>
> I just received this email that is generated when there is an error on a site
> I built (www.woreitonce.com)
>
> -------------------E-MAIL--------------------------------
> Invalid data 1 and 1=convert(int,(select top 1 char(97)+admin_password from
> tbl_adminusers)) for CFSQLTYPE CF_SQL_INTEGER. <br>The error occurred on
> line 30.
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725
> Firefox/2.0.0.6
> 81.10.46.130
>
> /Details.cfm
>
> ProdID=1%20and%201=convert(int,(select%20top%201%20char(97)%2badmin_password%20from%20tbl_adminusers))
>
> ---------------------E-MAIL------------------------
>
> Is this a SQL injection attack? Anything I can do?
>
> Thanks
> Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285482
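
The cfqueryparam advice above, applied to the `ProdID` parameter of `/Details.cfm` from the quoted e-mail. This is an added example, not code from the thread or from the site; the table name `tbl_products`, the column `ProdName` and the datasource variable `application.dsn` are assumptions. The "Invalid data ... for CFSQLTYPE CF_SQL_INTEGER" text in the e-mail is the error cfqueryparam raises when a value fails its type check, which is the behaviour the hardened query relies on.

```cfml
<!--- Added example. Assumed names: tbl_products, ProdName, application.dsn. --->

<!--- Unsafe form, shown as text only: the URL value becomes part of the SQL
      statement, so anything after the leading "1" is parsed as SQL.

      SELECT ProdID, ProdName FROM tbl_products WHERE ProdID = #url.ProdID#
--->

<!--- Give the parameter a default so a missing ProdID fails validation
      instead of throwing an undefined-variable error. --->
<cfparam name="url.ProdID" default="">

<!--- Optional pre-check: answer malformed IDs with a 400 rather than letting
      every probe raise an exception and an error e-mail. This is only for a
      cleaner response; cfqueryparam below remains the actual control. --->
<cfif NOT isValid("integer", url.ProdID)>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfabort>
</cfif>

<!--- Hardened form: the value is sent as a bound integer parameter, never as
      SQL text. A value such as "1 and 1=convert(...)" fails the
      CF_SQL_INTEGER check before the statement reaches the database. --->
<cfquery name="getProduct" datasource="#application.dsn#">
  SELECT ProdID, ProdName
  FROM   tbl_products
  WHERE  ProdID = <cfqueryparam value="#url.ProdID#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif getProduct.recordCount EQ 0>
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>
</cfif>
```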

