Of course, that is:
WHERE ID = #Val(URL.id)#
*With the pound signs*
-Cameron
--------------------
Cameron Childress
elliptIQ Inc.
p.770.460.1035.232
f.770.460.0963
--
http://www.neighborware.com
America's Leading Community Network Software
> -----Original Message-----
> From: Cameron Childress [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 2:00 PM
> To: CF-Talk
> Subject: RE: URL Hack Fix??
>
>
> Val(URL.id) passes the value of the URL.id, unless it's non-numeric, in
> which case it passes a zero. Use like so:
>
> WHERE ID = Val(URL.id)
>
> -Cameron
>
> > -----Original Message-----
> > From: Timothy Lynn [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, August 13, 2001 1:49 PM
> > To: CF-Talk
> > Subject: Re: URL Hack Fix??
> >
> >
> > And on a related note.. What are the best ways to go about ensuring that
> > the parameters passed are valid?
> >
> > Is a simple:
> >
> > cfif IsDefined("URL.id") AND IsNumeric(URL.id)
> > do the query
> > cfelse
> > kick someone in the keister
> > /cfif
> >
> > sufficient, or are there more sinister things to look for? (This of
> > course assumes passing simple numeric values, which seems pretty
> > commonplace).
> >
> > -Tim
> >
> > ----- Original Message -----
> > From: "S R" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Monday, August 13, 2001 12:43 PM
> > Subject: URL Hack Fix??
> >
> >
> > > Another hack question. I've read Don Vawter's website on how to prevent this
> > > type of attack. Someone told me at my work that there's an IIS patch that
> > > prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and SQL 2000 for
> > > the backend. I want to go back and add these fixes to my CF pages, but if
> > > there's a patch, I won't need to do it.
> > >
> > > Thanks
> >
> >
> >
>
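
The checks discussed in this thread, combined into one template as an added example (not code from any of the posters): Tim's IsDefined/IsNumeric test, Cameron's Val() conversion, and a bound parameter via cfqueryparam, which the thread does not mention. The datasource `myDSN`, the table `items` and its columns are assumed names.

```cfml
<!--- Added example. Assumed names: datasource "myDSN", table "items",
      columns "ID" and "title". --->

<!--- Reject the request outright unless URL.id is present and numeric. --->
<cfif NOT IsDefined("URL.id") OR NOT IsNumeric(URL.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Val() on its own never rejects anything: it returns the leading numeric
      part of the string (Val("12abc") is 12) or 0 when there is none.
      Here it only converts a value that has already passed IsNumeric. --->
<cfset itemId = Val(URL.id)>

<!--- IsNumeric also accepts decimals such as 1.5, so require a positive
      whole number before treating the value as a row ID. --->
<cfif itemId LTE 0 OR itemId NEQ Int(itemId)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Bind the value as an integer parameter instead of writing it into
      the SQL text. --->
<cfquery name="getItem" datasource="myDSN">
    SELECT ID, title
    FROM items
    WHERE ID = <cfqueryparam value="#itemId#" cfsqltype="CF_SQL_INTEGER">
</cfquery>
```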