>> Actually, I'm gonna pick on you again Dave and challenge >> this. (I'm hoping to add to my wall) >> >> If a someone is using MySQL ... > > Well, the original poster was asking about the current attack, which > specifically targets MS SQL Server. >
That might be true, but he didn't say that. He simply stated he had been "asked to look at a possible sql injection attack". He stated he had heard that "inline queries can cause injection attacks" and asked if that syntax was safe. Given that information alone, I still think the answer is "no". ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309536 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4