We have been working to secure our cfquery statements throughout our site using cfqueryparam and I have come upon the following format:
<cfquery datasource="#this.dsn#" name="myQuery" username="#Request.username#" password="#Request.password#">
#PreserveSingleQuotes(sql)#
</cfquery>

My question is (and I'm pretty sure it's no, but had to ask anyway), can you put a cfqueryparam around the variable above? If so, what would be the cfsqltype for this, since it's passing an entire query?

If this is not possible (which I'm 95% sure it's not), is this secure from SQL attacks? If not, what would you recommend doing to secure this more?

Thanks in advance, fellow Fusioners!
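An added example, not part of the original post: cfqueryparam binds one value at a time, so it cannot wrap a whole statement held in a variable, and PreserveSingleQuotes() turns off the single-quote escaping ColdFusion would otherwise apply to that variable. The sketch below contrasts a prebuilt string with a statement assembled inside the cfquery body; the table, column and url-scope names are assumptions, and the datasource attributes are copied from the post.

```cfml
<!--- Added example. users, last_name, created_at, url.lastName and
      url.sortBy are hypothetical names chosen for illustration. --->
<cfparam name="url.lastName" default="">
<cfparam name="url.sortBy" default="last_name">

<!--- BEFORE (assumed shape of the code that fills the sql variable):
      request data is concatenated into the statement text, and
      PreserveSingleQuotes() then passes it to the driver unescaped.

      <cfset sql = "SELECT id, first_name, last_name FROM users
                    WHERE last_name = '#url.lastName#'
                    ORDER BY #url.sortBy#">
--->

<!--- AFTER: column names cannot be bound, so the requested sort key
      is checked against a fixed allow-list before it is used. --->
<cfset allowedSort = "last_name,created_at">
<cfif listFindNoCase(allowedSort, url.sortBy)>
    <cfset orderBy = lCase(url.sortBy)>
<cfelse>
    <cfset orderBy = "last_name">
</cfif>

<!--- The statement is built inside cfquery, so every value that
      comes from the request gets its own typed bind parameter. --->
<cfquery datasource="#this.dsn#" name="myQuery"
         username="#Request.username#" password="#Request.password#">
    SELECT id, first_name, last_name
    FROM   users
    WHERE  1 = 1
    <cfif len(trim(url.lastName))>
        AND last_name = <cfqueryparam value="#url.lastName#"
                                      cfsqltype="cf_sql_varchar"
                                      maxlength="50">
    </cfif>
    ORDER BY #orderBy#
</cfquery>
```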

