Obviously cfsqltype="varchar" should be cfsqltype="cf_sql_varchar" (my typo).
On Thu, Jul 24, 2008 at 11:55 PM, James Holmes <[EMAIL PROTECTED]> wrote: > I'll say it again. > > ANY string passed into cfqueryparam cannot be executed as SQL: > > select somecolumn > from sometable > where someothercolumn = <cfqueryparam cfsqltype="varchar" > value="URL.TryToHackThis"> > > It is irrelevant what gets passed in the URL.TryToHackThis; it cannot > be executed as a SQL statement. It's bound to the query as a > parameter. -- mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309619 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
