May I ask a probably dumb question? Isn't val() simply enough to stop a SQL injection attack through that function?
--RR

On Mon, Jun 11, 2012 at 6:08 PM, Mike Little <m...@nzsolutions.co.nz> wrote:
>
> On my pricing page, I have the following if statement to ensure invalid
> URL vars are not being input...
>
> if (isnumeric(val(URL.lid))) {
>
> However, the query string below seems to get through? What should I be
> doing instead?
>
> --- error message ---
>
> Diagnostics: The LOCATION_ID argument passed to the get_term_loaded
> function is not of type numeric. If the component name is specified as a
> type of this argument, its possible that a definition file for the
> component cannot be found or is not accessible.
>
> The error occurred on line 153.
> Referrer:
> Template: /pricing.cfm
> Query string: lid=14%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351546
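
An added example, not part of the thread: it runs the check from the quoted post and a check on the raw value side by side, over constructed inputs plus the query-string value from the error report. The helper `isStrictPositiveInt` is hypothetical, and the example assumes pricing.cfm passes the raw `URL.lid`, not the `val()` result, on to `get_term_loaded`.

```cfml
<cfscript>
// Hypothetical helper (not from the thread): accept only a short run of digits.
function isStrictPositiveInt(required string raw) {
    return len(raw) lte 9 and reFind("^[0-9]+$", raw) eq 1;
}

// Constructed inputs; the second is the query-string value from the
// error report above, URL-decoded.
samples = [
    "14",
    urlDecode("14%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--"),
    "abc",
    ""
];

for (raw in samples) {
    // Check from the quoted post: val() always returns a number
    // (the leading digits, or 0), so this test is true for any input.
    weakCheck = isNumeric(val(raw));

    // Testing the raw value instead rejects anything that is not all digits.
    strictCheck = isStrictPositiveInt(raw);

    writeOutput(
        "raw=[" & htmlEditFormat(raw) & "]"
        & " val=" & val(raw)
        & " isNumeric(val)=" & weakCheck
        & " strict=" & strictCheck & "<br>"
    );
}
</cfscript>
```

Whichever value passes the check should be the one used afterwards, and in the query itself it should be bound with `<cfqueryparam cfsqltype="cf_sql_integer">` so it is never concatenated into the SQL text.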