David Moore, Jr. wrote: > Not trying to pick a fight, becuase I am sure you have forgotten more code > than I will ever know (seriously) and I am probably just being lazy > (seriously), but is <cfqueryparam> something a lot of programmers really use? > I have never seen <cfqueryparam> used on any tags I have purchased or > exchanged and I am afraid all I know is what I have learned from books and > forums. This is the first I have ever heard of using <cfqueryparam>.
Yes <cfqueryparam...> is well used and for very good reasons. One of which is what do you want to happen if the next clever hacker comes along with an attack that gets around all these solutions that have been developed to stop them at the gate? Do you really want to gamble your data and possible career on that fact that you can out guess every hacker who collectively have almost endless time and resources to figure out ways around these solutions? I equate it to this analogy I have been dying to use for some time. Would you never build the city walls and gates just because you have sentries watching the road? No matter how good and undefeatable you think your sentries are. Or why have database passwords if you have a firewall. (That one might be better) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311322 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4