> When you say "Update Your Code", are you saying using <cfqueryparam>?
Yes, that's what he is saying. > so, go back and fix 1,000's of lines > of code I have developed over the last 'upteen' years or stop it > before it starts? Because if you don't, you are putting a LOT of faith in these blockers and assuming that hackers won't find other ways to attack a vulnerable application that doesn't get by them. Personally, I'm not sure I'd put *that* much trust in them, if I really cared about my sites being safe. > Is this something new to CF8 or just a necessary > evil because of SQL Injection Attacks. Nothing new, and certainly not unique to ColdFusion either. > is <cfqueryparam> something a lot of programmers > really use? Uh, yes. > This is the first I have ever heard of using <cfqueryparam>. That is a truly scary thought. I hope you will spend some time on the ColdFusion blogs which have lots of information on the importance of using it. --- Mary Jo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311321 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4