Regular expressions.

if ( reFindNoCase("(select|declare)",myString) > 0 )
{
     // at least one of the words is present
}

HTH


On Tue, Oct 11, 2011 at 9:11 AM, Brian Cain <[email protected]> wrote:

>
> Hello all,
>
> I would like to check a string against a list of keywords and either null
> the string or replace the keywords if found.
>
> Over the past couple of weeks someone has been probing my sites for SQL
> injection vulnerabilities.  I have used queryparams and other types of
> validation, but I fear I may have missed something.  I am using an old
> version of formurl2attributes that has been modified over the years.  My
> thought is to check the attributes list at the end of the custom tag, and
> look for some of the common SQL injection keywords there and mitigate their
> effectiveness.
>
> So in short, how do I search for keywords like "select,declare" in a string
> without looping over the keywords?
>
> Thanks,
> Brian Cain
>
> 
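
The check from the reply applied to a whole set of attributes, as an added example that is not part of the original thread: the pattern is built from the keyword list with listChangeDelims, so nothing loops over the keywords, and \b word boundaries keep values such as "selection" from being flagged. The function name and the sample struct are hypothetical, the keywords are assumed to be plain words, and the result is meant for logging alongside cfqueryparam, not in place of it.

```cfml
<cfscript>
// Added example: findFlaggedAttributes and the sample struct are hypothetical names.
// Returns the names of the attributes whose value contains one of the
// listed keywords as a whole word, case-insensitively.
// Assumption: keywords are plain words with no regex metacharacters.
function findFlaggedAttributes(required struct attrs, string keywords = "select,declare") {
    var flagged = [];
    var key = "";
    // "select,declare" becomes "\b(select|declare)\b": one pattern for the
    // whole list, so the keywords themselves are never looped over.
    var pattern = "\b(" & listChangeDelims(arguments.keywords, "|") & ")\b";

    for (key in arguments.attrs) {
        // Nested structs and arrays are skipped; only simple values are searched.
        if (isSimpleValue(arguments.attrs[key])
            && reFindNoCase(pattern, arguments.attrs[key]) > 0) {
            arrayAppend(flagged, key);
        }
    }
    return flagged;
}

// Constructed sample input standing in for the custom tag's attributes scope.
// "comment" contains "selection", which the word boundary does not match;
// "id" contains DECLARE as a whole word.
sample = {
    name = "Brian",
    comment = "Please update my selection",
    id = "1; DECLARE @s varchar(4000)"
};

// Write the flagged attribute names so they can be logged or reviewed.
hits = findFlaggedAttributes(sample);
writeOutput(arrayToList(hits));
</cfscript>
```

A keyword match only shows that a value deserves a look in the logs; nulling or rewriting the value changes legitimate input as well, so the query parameters stay the control that matters.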

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348048