May I ask a probably dumb question?

Isn't val() simply enough to stop a SQL injection attack through that
function?

--RR

On Mon, Jun 11, 2012 at 6:08 PM, Mike Little <m...@nzsolutions.co.nz> wrote:

>
> On my pricing page, I have the following if statement to ensure invalid
> URL vars are not being input...
>
> if (isnumeric(val(URL.lid))) {
>
> However, the query string below seems to get through? What should I be
> doing instead?
>
> --- error message ---
>
> Diagnostics: The LOCATION_ID argument passed to the get_term_loaded
> function is not of type numeric. If the component name is specified as a
> type of this argument, its possible that a definition file for the
> component cannot be found or is not accessible.
>
> The error occurred on line 153.
> Referrer:
> Template: /pricing.cfm
> Query string: lid=14%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--
>

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351546
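Editor's note on the check quoted above: val() returns the leading numeric part of a string, or 0 when there is none, so its result is always a number and isNumeric(val(URL.lid)) is true for every possible input; the only thing that rejected the payload in the report was the numeric type on the get_term_loaded argument. The CFML below is an added example, not code from either poster, showing the always-true check next to checks that actually reject the payload, and a hardened query. The datasource name, table and column names are assumptions.

```cfml
<!--- Added example; not code from the thread. Shows why isNumeric(val(URL.lid))
      lets the quoted payload through, and what to check instead. --->

<!--- Constructed input: the URL-decoded query string from the error report --->
<cfset hostile = "14'/**/or/**/1=@@version--">
<cfset benign  = "14">

<!--- val() keeps the leading numeric prefix ("14") and drops the rest, or returns 0
      if there is no numeric prefix at all. Either way the result is a number, so
      isNumeric() of it is always YES: the check cannot fail for any value of URL.lid. --->
<cfoutput>
  val(hostile):                #val(hostile)#<br>                <!--- 14 --->
  isNumeric(val(hostile)):     #isNumeric(val(hostile))#<br>     <!--- YES, check passes --->
  isNumeric(hostile):          #isNumeric(hostile)#<br>          <!--- NO, raw value is rejected --->
  isValid("integer", hostile): #isValid("integer", hostile)#<br> <!--- NO --->
  isValid("integer", benign):  #isValid("integer", benign)#<br>  <!--- YES --->
</cfoutput>

<!--- Hardened form: validate the raw URL variable (not val() of it), then bind it as
      an integer so the value is sent as a parameter and never becomes SQL text.
      "pricingDSN", "locations", "location_id" and "name" are assumed names. --->
<cfparam name="URL.lid" default="">

<cfif isValid("integer", URL.lid)>
  <cfquery name="qLocation" datasource="pricingDSN">
    SELECT location_id, name
    FROM   locations
    WHERE  location_id = <cfqueryparam value="#URL.lid#" cfsqltype="cf_sql_integer">
  </cfquery>
<cfelse>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfoutput>Invalid location id.</cfoutput>
  <cfabort>
</cfif>
```

isValid("integer", ...) is used rather than isNumeric() because isNumeric() also accepts forms such as "1e3" or "14.5" that are numeric but not an id. The cfqueryparam binding is the real defence; the validation in front of it only gives the caller a clean 400 instead of a type error from the database or from a typed function argument.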
