> What I'm wondering is a the pros and cons of doing it this way. Does it > slow down the app checking for this on every page hit? Or do it the old > fashion way and clean up all the queries. Thoughts?
That depends on what your definition of slow is. On a modern server a simple check for a specific string anywhere in the URL as you described isn't going to even show up in speed testing. The code I posted is more robust and takes a couple ms to run, but unless your server is getting absolutely hammered the difference in execution time shouldn't be at all noticeable. I will emphasize that the front-end URL scanning is meant as a first line of defense. It will help, but protection on individual queries and input validation should still be considered best practice going forward, and implemented on older code if time and budget permit. -Justin Scott ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310417 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
