You are effectively throwing open the door to any hacker, then asking how to stop them from coming in and stealing your stereo. :)
Why do you want to do this? Perhaps there is a better way? On Wed, May 14, 2008 at 1:44 PM, Chad Gray <[EMAIL PROTECTED]> wrote: > I would like to leave my Query open to take in any number of where statements. > > IE: > <cfset arguments.clause = "JobID = 1"> > > <cfquery name="getJobs" datasource="#application.dsn#"> > SELECT * > FROM Jobs > WHERE 1=1 > <cfif len(arguments.clause)>AND #arguments.clause#</cfif> > </cfquery> > > Of course the problem with doing this is SQL injection. > > Anyone have a good way of doing this and keep safe from SQL injection? > > Thanks! > Chad > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305282 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
