plenty of ideas, but you unfortunately forgot to mention the condition(s)/validation rule(s) when you want your trap/filter to spring/run... what does the value of your 'start' url var have to be to 'pass'? i.e. a positive integer? a numeric value within a certain range? something else?
assuming url.start must be a positive integer, something like this should work:

<cfparam name="url.start" default="0">
<cfset url.start = int(val(url.start))>
<cfif url.start lte 0><cfabort></cfif>

Azadi

On 09/11/2010 01:00 , Paul Smith wrote:
>> I need a cffunction similar to PHP's mysql_escape_string that
>> sanitizes input data, that is - escapes invalid code so as to prevent
>> SQL injection and the like.
> I have been unable to trap/filter the following:
>
> www.MyWebsite.com\index.cfm?start=-1%27
>
> to keep it from emailing me an error message, and instead CFABORT or
> CFLOCATION to Home Page or some such.
>
> Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:338983
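
A stricter variant of the check in the reply above, as an added example that is not part of the original thread: it rejects malformed values instead of coercing them with val(), redirects to the home page as the question asked, and binds the value with cfqueryparam so it never becomes part of the SQL text. The names getStartRow, startRow, qItems, myDSN and the items table are assumptions made for illustration.

```cfml
<!--- Added example; getStartRow, myDSN and the items table are hypothetical names. --->
<cffunction name="getStartRow" returntype="numeric" output="false"
            hint="Returns the value as a positive integer, or 0 if it is missing or malformed.">
    <cfargument name="raw" type="string" required="true">
    <!--- Strict check: 1 to 9 digits only, so -1' and 5abc and 1.5 and over-long values all fail.
          val() alone would coerce "5abc" to 5 instead of rejecting it. --->
    <cfif reFind("^[0-9]{1,9}$", arguments.raw) and arguments.raw gt 0>
        <cfreturn int(arguments.raw)>
    </cfif>
    <cfreturn 0>
</cffunction>

<!--- A missing start parameter is treated as the first row rather than as an error. --->
<cfparam name="url.start" default="1">
<cfset startRow = getStartRow(url.start)>

<!--- Malformed value: send the visitor to the home page instead of raising an error. --->
<cfif startRow eq 0>
    <cflocation url="/index.cfm" addtoken="false">
</cfif>

<!--- Bind the value as a typed parameter so it is never concatenated into the SQL text. --->
<cfquery name="qItems" datasource="myDSN">
    SELECT id, title
    FROM items
    WHERE id >= <cfqueryparam value="#startRow#" cfsqltype="cf_sql_integer">
    ORDER BY id
</cfquery>
```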