Hi, basic question but want to make sure i understand url variables! Is it possible for malicious code to be sent through url variables?
Basically, Some CFM files in our applications receive variables through the URL which are just used to do some processing if they are true.... e.g. if url.variable 1 eq true do something... end if Would there be any need to validate whether this variable is true or false at the start of the page? I am thinking there isnt any need as if it isnt equal to true then nothing will happen anyway. as a general rule i am only validating any url variables if they contain data to be placing in the database, is this right? thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341127 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
