After seeing how malicious and how effective hackers were with automated SQL
injection last year, I vowed to never leave an integer field unturned without
using cfqueryparam. It's just too easy to use it, and the benefit is
unquestionable, especially for integer fields. I am also seeing some additional
benefits with other field types now as well, but integers are required.
--
Ryan LeTulle


On Tue, Jun 9, 2009 at 9:51 PM, Gabriel <[email protected]> wrote:

>
> Will,
>
> Justin is right, just because your form is behind a username/password by
> no means guarantees that the people accessing that form aren't malicious.
> As for whether there are scenarios where you shouldn't use queryparam? That's
> probably open for debate (it's certainly been debated before), however I've
> not come across a situation (except the caching issue as mentioned) where
> it's been of any benefit to NOT use queryparam.
>
> - Gabriel
>
> -----Original Message-----
> From: Justin Scott [mailto:[email protected]]
> Sent: Wednesday, 10 June 2009 12:42 PM
> To: cf-talk
> Subject: RE: CFLOOP inside a CFQuery
>
>
> > WOW! Thanks for all the feedback!  One question about CFQUERYPARAM, I
> > use this when I accept anything that is available to the general
> > public, but is it necessary to use this when the form is only
> > accessible via username/password?
>
> I would use it regardless of who is going to be hitting those queries.  You
> never know when some nefarious person is going to break into an admin
> account and start probing around.
>
> > Is there ever a reason not to use CFQUERYPARAM?
>
> Before ColdFusion 8 was released, you could not use CFQUERYPARAM in
> conjunction with a cached query.  CF8 now allows that (yea!).
>
>
> -Justin

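The thread's point is that the benefit of cfqueryparam does not depend on who can reach the form: the value is bound as a parameter instead of being concatenated into the SQL text, and for integer columns ColdFusion additionally rejects anything that is not an integer before the statement reaches the database. The following is an added example, not code posted by anyone in the thread; the datasource name "appDSN", the "users" and "roles" tables and the form field names are constructed for illustration.

```cfml
<!--- Constructed example: assumes a datasource "appDSN" and a "users" table
      with an integer "id" column and a "username" varchar column. --->

<!--- Vulnerable form: the raw form value is spliced into the statement text,
      so whatever the client submits becomes part of the SQL. This is true
      whether or not the page sits behind a login. --->
<cfquery name="getUserUnsafe" datasource="appDSN">
    SELECT id, username, email
    FROM users
    WHERE id = #form.userID#
</cfquery>

<!--- Hardened form: cfqueryparam sends the value as a bound parameter.
      With cfsqltype="cf_sql_integer", a non-numeric value raises a
      ColdFusion exception and the query is never sent. --->
<cfquery name="getUser" datasource="appDSN">
    SELECT id, username, email
    FROM users
    WHERE id = <cfqueryparam value="#form.userID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String columns benefit too: the value is bound rather than concatenated,
      and maxlength caps how much data the database will ever see. --->
<cfquery name="getUserByName" datasource="appDSN">
    SELECT id, username, email
    FROM users
    WHERE username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- A comma-separated list of ids (for example from a checkbox group) can be
      bound as a whole with list="true"; each element is validated as an
      integer, so there is no need to build the IN clause with cfloop. --->
<cfquery name="getSelectedUsers" datasource="appDSN">
    SELECT id, username
    FROM users
    WHERE id IN (<cfqueryparam value="#form.selectedIDs#"
                               cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- The caching exception mentioned in the thread no longer applies from
      ColdFusion 8 onward: cachedwithin and cfqueryparam can be combined. --->
<cfquery name="getActiveRoles" datasource="appDSN"
         cachedwithin="#createTimeSpan(0, 1, 0, 0)#">
    SELECT id, name
    FROM roles
    WHERE active = <cfqueryparam value="1" cfsqltype="cf_sql_bit">
</cfquery>
```

The type check on cf_sql_integer is what makes the integer case so cheap to defend: a tampered value fails validation inside ColdFusion with an exception, which a cftry block or the application's global error handler can log, rather than reaching the database as part of the statement. Binding string and list parameters gives the same separation of data from SQL text, with maxlength as an extra size limit.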
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323313