Ah yes! You are right--that ID value, after being returned in the query recordset, does get set in cookie scope, and that is where my cfqueryparam tag gets it from, in cookie scope.
So, yeah, it is possible that users could have manipulated that cookie value... But then, with so many users (i must have had a couple dozen error messages at least, and they are from different legitimate users) all generating the same error message, it seems unlikely that they all changed their cookie to the same value. On Thu, May 14, 2009 at 4:01 PM, Adrian Lynch <[email protected]>wrote: > > I thought you said it was a cookie value? > > > -----Original Message----- > > From: Qing Xia [mailto:[email protected]] > > Sent: 14 May 2009 20:43 > > To: cf-talk > > Subject: Re: my cfqueryparam grievance > > > > > > I wish--but the value is a ID value passed back in a query recordset > > and > > there is no way how users can manually pass it in. > > > > On Thu, May 14, 2009 at 3:39 PM, Adrian Lynch > > <[email protected]>wrote: > > > > > > > > The user changed it maybe? > > > > > > Adrian > > > > > > > -----Original Message----- > > > > From: Qing Xia [mailto:[email protected]] > > > > Sent: 14 May 2009 20:30 > > > > To: cf-talk > > > > Subject: Re: my cfqueryparam grievance > > > > > > > > But still, it is interesting to ponder whatever happened to my > > data, > > > > and > > > > why, of all things, everything got to be 521636a. Just another > > thing > > > > to > > > > think about on the metro. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322532 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
