You don't have to do things like that if you just use cfqueryparam ;)
The only thing you lose on pre-CF8 is caching of the queries, so worst
case is you may have to refactor some slow SQL statements.

Chris Peterson

-----Original Message-----
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 23, 2008 12:30 PM
To: CF-Talk
Subject: Re: Owned by Rootdamages by FasT

Is there a way to address all URL scopes or do I have to be specific and
list all URL scopes used on the site?

I'm thinking ...

<CFIF ISDEFINED("URL.pr_id")>
        <CFIF URL.pr_id contains "select">
        </CFIF>
</CFIF>


>Or at the very least write some generic code in
>Application.cfm/Application.cfc
>that inspects the form, url and cookie scopes and strips out anything
>suspicious like SQL statements. That would only be a half measure
>though.
>The queries need to be changed to use cfqueryparam.
>
>On Jan 23, 2008 11:38 AM, Tom Chiverton <[EMAIL PROTECTED]>
>wrote:
>
>> 



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297198
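
The cfqueryparam change recommended in this thread, shown beside the concatenated form it replaces. This is an added example, not code from any poster; the datasource `siteDSN`, the table `products` and its columns are hypothetical, and only `URL.pr_id` comes from the thread.

```cfml
<!--- Added example. Assumptions: datasource "siteDSN", table "products" and
      its columns are hypothetical; URL.pr_id is the parameter from the thread. --->
<cfparam name="URL.pr_id" default="">

<!--- BEFORE (left commented out): the URL value is concatenated into the SQL
      text, so the database parses whatever arrives in pr_id as SQL. A
      'contains "select"' test does not change that, because the value is
      still part of the statement and other keywords pass the test.

<cfquery name="getProduct" datasource="siteDSN">
    SELECT pr_id, pr_name
    FROM products
    WHERE pr_id = #URL.pr_id#
</cfquery>
--->

<!--- AFTER, step 1: validate the type up front so bad input gets a clean
      400 response instead of a database error page. --->
<cfif NOT isValid("integer", URL.pr_id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- AFTER, step 2: bind the value. cfqueryparam sends pr_id to the driver
      as a typed parameter, separate from the SQL text, so it is never parsed
      as SQL. cfsqltype also rejects non-integer values before execution.
      As the reply notes, before CF8 a query using cfqueryparam cannot also
      use cfquery caching (cachedwithin). --->
<cfquery name="getProduct" datasource="siteDSN">
    SELECT pr_id, pr_name
    FROM products
    WHERE pr_id = <cfqueryparam value="#URL.pr_id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Encode on output as well; binding protects the query, not the page. --->
<cfoutput query="getProduct">
    #HTMLEditFormat(getProduct.pr_name)#
</cfoutput>
```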