>>And with preserveSingleQuotes() you have to hope you're better at cleaning input than hackers are at writing SQL injection.
When I'm talking about a CMS, I'm talking about some tool some customers have paid for and that is only accessible by approved users with authentication. Now if they want to hack and sabotage their own application they have paid for, it's their problem, and if it ever happens, they will pay again to get their own mess cleaned up. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324067 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
