I did - many times before I sent the message. So, explain, please. >From CF: "(cfqueryparam) Verifies the data type of a query parameter ..."
My example is a text field. The potential inject/bad data language is text. I just tested it and cfqueryparam did not prevent me from entering potentially bad data into the table. Larry V. Stephens -----Original Message----- From: .jonah [mailto:jonah....@creori.com] Sent: Monday, November 03, 2014 9:46 PM To: cf-talk Subject: Re: cfqueryparam & EncodeForHTML Read up on how query param works. It will protect against Johnson & Johnson's;delete * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359557 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm