but it isn't like cfquery without it is necessarily an open door (if you're consistent).
Mark

Well, not that open, unless somebody has opened the door with preserveSingleQuotes() for some reason. But one would hope that this was done with a clear purpose and understanding of the risks, and that appropriate action was taken to mitigate them. But this also does not say that <cfquery ...> is a closed, secure door either. It may take more effort to fool it, but I trust the experts when they say it can be fooled and that the consistent use of <cfqueryparam...> makes it more secure.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285747

