I might be wrong, but I don't think you can issue multiple SQL commands to Access in
this way.
-Andy
> -----Original Message-----
> From: Bosky, Dave [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 9:25 AM
> To: CF-Talk
> Subject: RE: Hacking CF Web Sites and Applications
>
>
> SELECT myitem, myphoto
> FROM mystuff
> WHERE Show=#URL.Show#
>
>
> -----Original Message-----
> From: Don Vawter [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 9:12 AM
> To: CF-Talk
> Subject: Re: Hacking CF Web Sites and Applications
>
>
> Let us see the query where you used the url.show parameter. Also
> as an aid,
> turn on debugging in cf and grab the actual generated query to
> see what you
> db actually saw
>
> ----- Original Message -----
> From: "Bosky, Dave" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Monday, August 13, 2001 7:02 AM
> Subject: RE: Hacking CF Web Sites and Applications
>
>
> > Using the url 'xxx.cfm?show=23;%20DROP%20TABLE%20MyStuff'
> > I attempted to drop my table and it failed. Why didn't it drop the
> > table? Either I've done something to prevent it that I'm unaware of or
> > I used invalid syntax.
> >
> > -----------------------
> > [Microsoft][ODBC Microsoft Access Driver] Characters found after end
> > of
> SQL
> > statement.
> > -----------------------
> >
> > Thanks.
> > Dave
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Don Vawter [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, August 12, 2001 11:01 AM
> > To: CF-Talk
> > Subject: Re: Hacking CF Web Sites and Applications
> >
> >
> > I have a page on preventing url hacks which was derived from the
> > school of hard knocks after it happened to me
> > http://www.vawter.com/urlhack.cfm
> >
> > ----- Original Message -----
> > From: "Daryl Fullerton" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Sunday, August 12, 2001 8:37 AM
> > Subject: Hacking CF Web Sites and Applications
> >
> >
> > > Hi all,
> > >
> > > Any one got general advice on how to prevent hackers from getting
> > > access
> > to
> > > CF sites via back doors and tampering with data
> > >
> > > We dont want the hackers to be able to change data via URL strings.
> > >
> > > e.g Encrypting URL variables etc
> > >
> > > Anything else we should look at
> > >
> > > Any good articles out there?
> > >
> > > Thanks
> > >
> > > Daryl Fullerton,
> > > Managing Partner,
> > > BizNet Solutions,
> > > Allaire Premier Partner (Ireland)
> > > 133 - 137 Lisburn Road
> > > Belfast
> > > BT9 7AG
> > > N.Ireland
> > >
> > > Direct +44 (0) 28 9022 7888
> > > Tel +44 (0) 028 9022 3224
> > > Fax +44 (0) 028 9022 3223
> >
> > <snip>
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
