I don't believe DBMSs like MSSQL have a single statement option.  As has 
already been pointed out, MySQL does and it is the default.

The setting is on a per connection level.  If you are using MySQL and know 
that most of the time you will only have one statement, then create two 
datasources: one that allows it and one that does not.  Use as needed.  The 
inherent problem with any of this is it still requires the programmer to:
1) use the correct datasource and not be lazy
2) properly secure the queries that allow the multiple statements and not be 
lazy

Worst of all, not all SQL injection attacks require a second statement!!!

Many attacks use a union to pull additional data out in a select and that is 
_totally_ allowed in MySQL in single statement mode.

Basically, we as the programmers don't get out of this one.  We have to 
be relied upon to consistently do SOMETHING, whether it is use the correct 
datasource etc.

So here's the thing: if you are going to go through the trouble to do ANYTHING, 
just make sure that we always use cfqueryparam-- that is the only option 
that will always work without many gotchas.  I think that is energy better 
spent.

~Brad

----- Original Message ----- 
From: "Claude Schneegans" <[EMAIL PROTECTED]>
To: "CF-Talk" <[email protected]>
Sent: Friday, July 25, 2008 12:46 PM
Subject: Re: (ot) URL Hack Attempt Leaves Me Scratching My Head... To Ben 
Forta


> >>I have to hand it to Claude - he definitely has confidence
>
> Well, unless ODBC and JDBC have some function to enable/disable multi-
> statements,
> it would certainly be much trouble to implement this in CF.
> I've checked rapidly in the ODBC docs, and I don't see any reference to
> multi-statement.
>
> Anyway, if the option was available, it shouldn't be the default, for 
> sure.
>

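The pattern Brad argues for, as an added example that is not part of the original message or the CF-Talk thread: a cfquery that pastes the URL value into the SQL text beside the same query written with cfqueryparam. The datasource name "cfdsn" and the orders/customers tables are assumed for illustration.

```cfml
<!--- Vulnerable: url.orderID is inserted straight into the SQL string.
      MySQL's single-statement mode does not help here, because a UNION
      can be appended inside this one SELECT without a second statement. --->
<cfquery name="getOrder" datasource="cfdsn">
    SELECT orderID, customerName, total
    FROM orders
    WHERE orderID = #url.orderID#
</cfquery>

<!--- Hardened: cfqueryparam sends the value as a bind parameter, so the
      database never parses it as SQL. cf_sql_integer also makes ColdFusion
      reject any value that is not a valid integer before the query runs. --->
<cfquery name="getOrder" datasource="cfdsn">
    SELECT orderID, customerName, total
    FROM orders
    WHERE orderID = <cfqueryparam value="#url.orderID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input gets the same treatment. The LIKE wildcards live in the
      bound value, not in the SQL text, and maxlength caps the input size. --->
<cfquery name="findCustomer" datasource="cfdsn">
    SELECT customerID, customerName
    FROM customers
    WHERE customerName LIKE <cfqueryparam value="%#form.search#%"
                                          cfsqltype="cf_sql_varchar"
                                          maxlength="50">
</cfquery>
```

Because the hardened form works regardless of which datasource or multi-statement setting is in use, it removes the "pick the right datasource" step the message warns about.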


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309713
