thanks for the pointers, we understand the problem here is down to not using the cfquery param
thanks >Richard you could always use the cfsavecontent to build the SQL, and then >use the variable in the cfquery. > >But you should also be using cfqueryparam with anything from forms and url, >essentially anything that is or could be from user input. > >Regards, >Andrew Scott >http://www.andyscott.id.au/ > > >an ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345674 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
