Todd-

A security hole, how so? Yes, you can arbitrarily change the value: MyID 
= 1, MyID = 2, and so on, but that's always going to be the case. I 
believe the initial question posed was if someone messed with the URL 
and removed one of the values. Say, the page was expecting MyID and it 
wasn't there. How should the page react?

-- 
*Ryan J. Heldt*
/Senior Web Developer/
Global Reach Internet Productions
http://www.globalreach.com
Phone: 515-296-0792, Fax: 515-296-3748

Todd wrote:
> Uh, I find that to be a security hole.  URL.MyID = 1 will probably always
> work.  If not, I'll start the math guessing game.
>
> On Jan 23, 2008 12:25 PM, Ryan J. Heldt <[EMAIL PROTECTED]> wrote:
>
>   
>> I like to handle things like that somewhat gracefully, for example:
>>
>> <!--- Default Parameters --->
>> <cfparam name="url.MyID" default="0" />
>>
>> <!--- Get Data --->
>> <cfquery name="qryData">
>>    SELECT ...
>>    FROM ...
>>    WHERE MyID = <cfqueryparam value="#val(url.MyID)#"
>> cfsqltype="cf_sql_integer" />
>> </cfquery>
>>
>> <!--- Hmm... No records, send user back to list page --->
>> <cfif qryData.RecordCount is 0>
>>    <cflocation url="index.cfm" addtoken="false" />
>> </cfif>
>>
>> Essentially by using cfparam, if the value isn't there at all, it's
>> going to be defined as 0. Secondly, we're using cfqueryparam to protect
>> the database. Third, if the value of url.MyID is something odd, like a
>> string, it's going to be converted into a number. Finally, if there are
>> no records, it sends the user back to a list page.
>>
>> Happy coding!
>>
>> --
>> *Ryan J. Heldt*
>> /Senior Web Developer/
>> Global Reach Internet Productions
>> http://www.globalreach.com
>> Phone: 515-296-0792, Fax: 515-296-3748
>>
>>     

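An added example, not code from either message in the thread: the same graceful handling Ryan describes (cfparam default, cfqueryparam, redirect on no rows) combined with the ownership check that addresses Todd's concern, so that a changed or guessed MyID can only ever return the current user's own record. It assumes a login that sets session.UserID, a Records table with an OwnerID column, and an application.dsn datasource; all three names are assumptions for the example.

```cfml
<!--- Added example (not from the thread). Assumes session.UserID is set at
      login, a Records table with an OwnerID column, and application.dsn;
      all three are assumptions for this example. --->

<!--- Default Parameters: a missing url.MyID becomes 0, which never matches --->
<cfparam name="url.MyID" default="0" />

<!--- Reject anything that is not a positive integer before touching the DB.
      isValid("integer") also rejects values like "1.5" that val() would
      accept but cf_sql_integer would choke on. --->
<cfif NOT isValid("integer", url.MyID) OR url.MyID LTE 0>
    <cflocation url="index.cfm" addtoken="false" />
</cfif>

<!--- Require an authenticated session; otherwise go to the login page --->
<cfif NOT structKeyExists(session, "UserID")>
    <cflocation url="login.cfm" addtoken="false" />
</cfif>

<!--- Get Data: the WHERE clause scopes the lookup to the current user, so a
      MyID belonging to someone else returns zero rows instead of their data --->
<cfquery name="qryData" datasource="#application.dsn#">
    SELECT MyID, Title
    FROM   Records
    WHERE  MyID    = <cfqueryparam value="#val(url.MyID)#" cfsqltype="cf_sql_integer" />
    AND    OwnerID = <cfqueryparam value="#val(session.UserID)#" cfsqltype="cf_sql_integer" />
</cfquery>

<!--- No record (missing, malformed, or not ours): send user back to the list
      page. Responding the same way in all three cases avoids confirming to
      a caller which IDs exist for other users. --->
<cfif qryData.RecordCount IS 0>
    <cflocation url="index.cfm" addtoken="false" />
</cfif>
```

The point of the combined check is that the numeric validation and cfqueryparam keep the query safe from malformed input, while the OwnerID predicate is what makes "MyID = 1, MyID = 2, ..." harmless: enumeration only yields the records the session already owns.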


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297224