I just put a post on my blog with some CF examples of SQL injection using
character fields. Perhaps some of you could add additional cases.

http://www.coldfusionmuse.com

-mk

-----Original Message-----
From: Chris Norloff [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 22, 2008 2:35 PM
To: CF-Talk
Subject: RE: CFC protect from SQL Injection?

Good point, that's not a good example for ColdFusion, is it? But I figure
there's more to a SQL Injection attack than just the single-quote attack?

Thanks,
Chris 

-----Original Message-----
From: Russ [mailto:[EMAIL PROTECTED]
Sent: Friday, February 22, 2008 11:31 AM
To: CF-Talk
Subject: RE: CFC protect from SQL Injection?

My point is that this won't work in CF, because CF auto escapes single
quotes in variables... 

Russ

> -----Original Message-----
> From: Chris Norloff [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 22, 2008 11:15 AM
> To: CF-Talk



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299756