> -----Original Message-----
> From: Rick King [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 06, 2007 11:56 AM
> Subject: SQL injection hack?
>
> /Details.cfm
> ProdID=1%20and%201=convert(int,(select%20top%201%20char(97)
> %2badmin_password%20from%20tbl_adminusers))

IsNumeric and cfqueryparam are your friends.

Damien McKenna
Web Developer
The LIMU Company

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285489
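
Added example, not part of the original thread: a sketch of how a `Details.cfm` handler could apply the two functions named in the reply, with the concatenated query shown commented out beside the bound one. The datasource `shopDSN`, the table `tbl_products` and its columns are hypothetical names chosen for illustration.

```cfml
<!--- Added example. "shopDSN", "tbl_products" and the column names are
      hypothetical; only the ProdID URL parameter comes from the thread. --->

<!--- BEFORE (vulnerable, shown commented out): URL.ProdID is pasted into the
      SQL text, so anything after the "1" is parsed as part of the statement.
<cfquery name="qProduct" datasource="shopDSN">
    SELECT ProdID, ProdName, Price
    FROM tbl_products
    WHERE ProdID = #URL.ProdID#
</cfquery>
--->

<!--- AFTER: validate first, then bind. --->
<cfparam name="URL.ProdID" default="">

<!--- 1. Input check. IsNumeric also accepts non-integers such as 1.5, so a
         digits-only pattern narrows the value to what a product id looks like. --->
<cfif NOT IsNumeric(URL.ProdID) OR REFind("^[0-9]{1,9}$", URL.ProdID) EQ 0>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid product id.</cfoutput>
    <cfabort>
</cfif>

<!--- 2. Typed bind parameter. The value travels to the database separately
         from the SQL text, and cfqueryparam throws if it is not an integer,
         so the query stays safe even if the check above is later removed. --->
<cfquery name="qProduct" datasource="shopDSN">
    SELECT ProdID, ProdName, Price
    FROM tbl_products
    WHERE ProdID = <cfqueryparam value="#URL.ProdID#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif qProduct.recordCount EQ 0>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>Product not found.</cfoutput>
    <cfabort>
</cfif>

<!--- Encode database values on output as well. --->
<cfoutput query="qProduct">
    #EncodeForHTML(ProdName)# - #DollarFormat(Price)#
</cfoutput>
```

With the request quoted above, the `IsNumeric`/pattern check returns a 400 before any query runs; without that check, `cfqueryparam` would still reject the value as a non-integer instead of passing it to the database as SQL.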