> basic question but want to make sure I understand url variables! Is it possible for malicious code to be sent through url variables?

Possible, yes, though it depends on how you use the data passed through. In your example, just testing the value against a static value in the code (if url.var is 1), you have nothing to worry about. If you're using that URL variable as part of a where clause in a query, you can open yourself up to problems if you don't handle it properly (i.e. using cfqueryparam).

-Justin

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341128
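
Added example, not part of the reply above: the two cases it describes, written out in CFML with the unhandled query next to the cfqueryparam form. The parameter name url.id, the products table and the appDSN datasource are hypothetical.

```cfml
<!--- Added example. url.id, the products table and the appDSN datasource are hypothetical. --->
<cfparam name="url.id" default="">

<!--- Case 1: the value is only compared with a constant, so it never reaches SQL. --->
<cfif url.id EQ 1>
    <cfset showFirst = true>
</cfif>

<!--- Case 2, not handled (shown for contrast only): the raw value is spliced into
      the SQL text, so whatever the client sends becomes part of the statement
      the database parses. --->
<cfquery name="qUnsafe" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE id = #url.id#
</cfquery>

<!--- Case 2, handled: reject anything that is not an integer, then bind the value.
      cfqueryparam passes it as a typed bind parameter, separate from the SQL text.
      cf_sql_integer would itself raise an error on a non-numeric value; the
      isValid() check turns that into a clean 400 response instead. --->
<cfif NOT isValid("integer", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>
<cfquery name="qSafe" datasource="appDSN">
    SELECT id, name
    FROM products
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```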

