Hello all, I would like to check a string against a list of keywords and either null the string or replace the keywords if found.
Over the past couple of weeks someone has been probing my sites for SQL injection vulnerabilities. I have used queryparams and other types of validation. but I fear I may have missed something. I am using an old version of formurl2attributes that has been modified over the years. My thought is to check the attributes list at the end of the custom tag, and look for some of the common SQL injection keywords there and mitigate their effectiveness. So in short, how do I search for keywords like "select,declare" in a string without looping over the keywords? Thanks, Brian Cain ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348047 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
