henry ho wrote:
> After reading the following pages...
>
> The Unexpected SQL Injection - When Escaping Is Not Enough
> http://webappsec.org/projects/articles/091007.shtml
>
> SQL Injection Cheat Sheet
> http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
>
>
> I wonder if our beloved <cfqueryparam> and <cfprocparam> are strong enough to
> defend all of the attacks mentioned in the pages above.

If you use them in *all* SQL statements you execute they are. But read and make sure you understand the part about second order SQL injection attacks because it adds a twist to *all*.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:290843
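Added example, not part of the original thread: a second-order injection shown with Python's sqlite3, where the `?` bound parameter plays the role that <cfqueryparam> plays in a <cfquery>. The table names and the stored value are constructed for illustration.

```python
import sqlite3

# Constructed sample value: harmless as data, SQL syntax if pasted into a statement.
STORED_NAME = "nobody' OR '1'='1"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "laptop"), ("bob", "phone")])
    # First statement: the untrusted value is bound, so it is stored verbatim.
    db.execute("INSERT INTO users (name) VALUES (?)", (STORED_NAME,))
    return db


def stored_name(db):
    return db.execute("SELECT name FROM users WHERE id = 1").fetchone()[0]


def orders_concatenated(db):
    # Second statement, built by concatenation: the value now comes from
    # "our own" table, but it is still user-chosen text and is parsed as SQL.
    sql = ("SELECT item FROM orders WHERE owner = '"
           + stored_name(db) + "' ORDER BY item")
    return [row[0] for row in db.execute(sql)]


def orders_bound(db):
    # Same statement with the value bound: it is compared as a string only.
    sql = "SELECT item FROM orders WHERE owner = ? ORDER BY item"
    return [row[0] for row in db.execute(sql, (stored_name(db),))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", orders_concatenated(db))
    print("bound:       ", orders_bound(db))
```

The insert was parameterized and did its job; the leak comes from the later statement that trusted a value because it was read back from the database.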

