Thanks for your feedback, Peter. So I don't have to stop users from entering certain characters at all if I am using these functions? I would only have to stop them entering any special characters that we use within our code?

Thanks

> A very quick summary...
>
> Use cfqueryparam tags to insert user-provided data into the database.
>
> Use the appropriate function (HtmlEditFormat, XmlFormat,
> UrlEncodedFormat, JsStringFormat) to output user-provided data.
>
> These will (should) deal with escaping all reserved characters.
>
> If in doubt, use security scanning software to run some thorough tests
> against your site and verify it is ok before you put it Live.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327657
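The two rules from the quoted summary, as an added example that is not part of the original thread: `cfqueryparam` binds user input on the way into the database, and the stored value is then encoded separately for each output context (HTML, URL and XML here). The datasource `appDSN`, the table `comments`, the page `profile.cfm` and the form/URL field names are assumptions.

```cfml
<!--- Added example. Datasource "appDSN", table "comments", page "profile.cfm"
      and all field names are assumptions, not taken from the thread. --->
<cfparam name="form.author" default="">
<cfparam name="form.body" default="">
<cfparam name="url.author" default="">

<!--- Input side: values are bound as parameters, never concatenated into the
      SQL text, so quotes and other SQL metacharacters are stored as plain data. --->
<cfif len(trim(form.body))>
    <cfquery datasource="appDSN">
        INSERT INTO comments (author, body)
        VALUES (
            <cfqueryparam value="#form.author#" cfsqltype="cf_sql_varchar" maxlength="50">,
            <cfqueryparam value="#form.body#" cfsqltype="cf_sql_longvarchar">
        )
    </cfquery>
</cfif>

<cfquery name="qComments" datasource="appDSN">
    SELECT author, body
    FROM comments
    WHERE author = <cfqueryparam value="#url.author#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- Output side: the same stored value needs a different encoder per context. --->
<cfoutput query="qComments">
    <!--- HTML text and attribute values. HTMLEditFormat does not encode the
          single quote, so attribute values are always double-quoted. --->
    <p title="#HTMLEditFormat(qComments.author)#">#HTMLEditFormat(qComments.body)#</p>

    <!--- URL query-string value: percent-encoded, then displayed text HTML-encoded. --->
    <a href="profile.cfm?author=#URLEncodedFormat(qComments.author)#">
        More by #HTMLEditFormat(qComments.author)#
    </a>
</cfoutput>

<!--- XML output: XMLFormat covers both element text and attribute values. --->
<cfsavecontent variable="xmlFeed"><cfoutput><comments>
<cfloop query="qComments">
    <comment author="#XMLFormat(qComments.author)#">#XMLFormat(qComments.body)#</comment>
</cfloop>
</comments></cfoutput></cfsavecontent>
```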

