You should use CFQUERYPARAM to prevent SQL Injection attacks from hurting
your database.  Here is a good example of why you want to use CFQUERYPARAM.
I just pulled this from my log files.

07/12/08 08:12.13: Error; christianmp3.com; Thread[ServletExec: request: time=1228659133439, uri=/index.cfm,5,main];
Error Diagnostic Information: The value provided is longer than the maxLength
  Type=CF_SQL_VARCHAR; Data=[12668') and 1=convert(int,(select top 1 table_name from information_schema.tables))--sp_password]; Direction=IN; Variable=null
Database
Date/Time: 12/07/2008 08:12:13
Browser: Mozilla/4.0
Remote Address: 41.202.25.108
HTTP Referer:
Url: www.redacted.com
Script Name: /index.cfm
Query String: /action=song&prod=12668%27)%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password

From the looks of it, someone was trying to tack a query onto my product ID,
which gets used in a SELECT statement. I use CFQUERYPARAM, so this request
failed, since I have set the max length of my product IDs.

This is the part that tries to do the injection attack.
Query String:
/action=song&prod=12668%27)%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--sp_password

Last July/August there was a massive, sustained SQL injection attack
targeting ColdFusion websites. Some sites were hit really badly by the
injection itself; others were taken down because the attack was so large
and distributed that it simply overloaded the servers with web traffic.


Protect yourself: use CFQUERYPARAM.

Wil Genovese
Sr. Web Application Developer
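The pattern Wil describes, shown as an added example that is not code from his post or his site. The datasource name "music", the table songs(song_id, title) and the maxlength value are assumptions; the payload is the one from the log above, URL-decoded. The first query is the vulnerable shape the attacker was betting on, the second is what cfqueryparam with maxlength does to it, and the third is the tighter version you want when the ID is really a number.

```cfml
<!--- Added example, not from the original post. Assumed: datasource "music",
      table songs(song_id, title), and that the product ID is looked up by
      url.prod exactly as the logged request (/index.cfm?action=song&prod=...)
      suggests. --->

<!--- VULNERABLE: url.prod is concatenated straight into the SQL text.
      With prod = 12668') and 1=convert(int,(select top 1 table_name
                          from information_schema.tables))--sp_password
      the WHERE clause becomes
        WHERE (song_id = '12668') and 1=convert(int,(select ...))--')
      The trailing ') is commented out by "--", and SQL Server's failed
      int conversion puts the first table name into the error message. --->
<cfquery name="getSong" datasource="music">
    SELECT song_id, title
    FROM   songs
    WHERE  (song_id = '#url.prod#')
</cfquery>

<!--- HARDENED (what the log shows): the value is sent as a bind parameter,
      never spliced into the statement, so quotes and comments in it are
      just data. maxlength is the check that fired in the log entry above:
      a 6-character ID column does not need a 100-plus character value, and
      cfqueryparam throws before the query ever reaches the database. --->
<cftry>
    <cfquery name="getSong" datasource="music">
        SELECT song_id, title
        FROM   songs
        WHERE  song_id = <cfqueryparam value="#url.prod#"
                                       cfsqltype="cf_sql_varchar"
                                       maxlength="6">
    </cfquery>
    <cfcatch type="any">
        <!--- Log the rejected value (url.prod) so you can spot probes like
              the one above, then fail the request instead of the database. --->
        <cflog file="sqli-probes"
               text="prod=#url.prod# ip=#cgi.remote_addr# msg=#cfcatch.message#">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- TIGHTER: if product IDs are integers, say so. cf_sql_integer makes
      cfqueryparam reject any value that is not a whole number, so this
      payload fails on type before length is even considered. --->
<cfquery name="getSong" datasource="music">
    SELECT song_id, title
    FROM   songs
    WHERE  song_id = <cfqueryparam value="#url.prod#"
                                   cfsqltype="cf_sql_integer">
</cfquery>
```

Two things worth noticing in the logged payload. The `convert(int,(select top 1 table_name ...))` part is an error-based probe: the attacker is not expecting the query to succeed, only for the database error text to echo a table name back to them, which is why a generic error page (not the ColdFusion debug output) matters as much as the parameterization. The `sp_password` tacked on the end is an old SQL Server trick: statements containing that string are omitted from SQL Server's own trace, so the attacker is trying to keep the probe out of the database log while it still lands in yours.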



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317767
