Thanks for the code. I'm in the process of cleaning all the query calls for my client and have been seeing lots of posts regarding this SQL injection. There are a couple thousand queries that I have to clean up, but while I'm in the process of cleaning they're getting injected over and over and over!! So I did something similar to this, not as in depth, but I added some logic to application.cfm to check cgi.query_string for parts of the injection script.
What I'm wondering is the pros and cons of doing it this way. Does it slow down the app checking for this on every page hit? Or do it the old-fashioned way and clean up all the queries. Thoughts?

-----Original Message-----
From: Justin Scott [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2008 10:36 AM
To: CF-Talk
Subject: Re: HELP! SQL Injection Attack!

> And yes, I'd like to see the URL "loop" script that was offered by Justin Scott

I've had many requests for the SQL injection prevention script, so I'm just going to post a URL directly to the code and release it into the public domain for anyone interested:

http://www.gravityfree.com/_sqlprev.cfm.txt

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310415

