Uh, I find that to be a security hole. URL.MyID = 1 will probably always work. If not, I'll start the math guessing game.
On Jan 23, 2008 12:25 PM, Ryan J. Heldt <[EMAIL PROTECTED]> wrote:
> I like to handle things like that somewhat gracefully, for example:
>
> <!--- Default Parameters --->
> <cfparam name="url.MyID" default="0" />
>
> <!--- Get Data --->
> <cfquery name="qryData">
> SELECT ...
> FROM ...
> WHERE MyID = <cfqueryparam value="#val(url.MyID)#"
> cfsqltype="cf_sql_integer" />
> </cfquery>
>
> <!--- Hmm... No records, send user back to list page --->
> <cfif qryData.RecordCount is 0>
> <cflocation url="index.cfm" addtoken="false" />
> </cfif>
>
> Essentially by using cfparam, if the value isn't there at all, it's
> going to be defined as 0. Secondly, we're using cfqueryparam to protect
> the database. Third, if the value of url.MyID is something odd, like a
> string, it's going to be converted into a number. Finally, if there are
> no records, it sends the user back to a list page.
>
> Happy coding!
>
> --
> *Ryan J. Heldt*
> /Senior Web Developer/
> Global Reach Internet Productions
> http://www.globalreach.com
> Phone: 515-296-0792, Fax: 515-296-3748

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297168
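
Added example, not part of either message in this thread: one way to address the guessable-ID concern raised in the reply is to scope the lookup to the logged-in user, so an ID that exists but belongs to someone else is handled exactly like a missing one. The names `application.dsn`, `Items`, `Title`, `OwnerID` and `session.userID` are hypothetical, and session management is assumed to be enabled.

```cfml
<!--- Added example; application.dsn, Items, Title, OwnerID and
      session.userID are hypothetical names, not from the thread --->

<!--- Default Parameters --->
<cfparam name="url.MyID" default="0" />

<!--- Require a logged-in user before any lookup --->
<cfif not structKeyExists(session, "userID")>
    <cflocation url="index.cfm" addtoken="false" />
</cfif>

<!--- val("12abc") returns 12, so a malformed value can silently become
      a valid ID. Accept only a plain positive integer of up to 9 digits. --->
<cfif reFind("^[1-9][0-9]{0,8}$", url.MyID) eq 0>
    <cflocation url="index.cfm" addtoken="false" />
</cfif>

<!--- Get Data: the row must match the ID and belong to the current user --->
<cfquery name="qryData" datasource="#application.dsn#">
    SELECT MyID, Title
    FROM Items
    WHERE MyID = <cfqueryparam value="#url.MyID#" cfsqltype="cf_sql_integer" />
      AND OwnerID = <cfqueryparam value="#session.userID#" cfsqltype="cf_sql_integer" />
</cfquery>

<!--- "Not found" and "not yours" get the same response, so the page
      does not confirm which IDs exist --->
<cfif qryData.RecordCount is 0>
    <cflocation url="index.cfm" addtoken="false" />
</cfif>
```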

