There is a nice custom tag on allaire for this.
http://devex.allaire.com/developer/gallery/info.cfm?ID=0FFF0D11-BF26-11D5-83F700508B94F85A&method=Full

There are two major products that come out of Berkeley: LSD and [Unix] BSD.
We don't believe this to be a coincidence.

Doug Brown

----- Original Message -----
From: "Bruce, Rodney (Contractor)" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, January 02, 2002 8:43 AM
Subject: RE: Validating forms (security)

> Check out qForms:
>
> http://www.pengoworks.com/qForms/
>
> I got this from another post on this list. It might help.
>
> -----Original Message-----
> From: joachim [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 02, 2002 11:24 AM
> To: CF-Talk
> Subject: Validating forms (security)
>
> Hi,
>
> I'm tuning a forum (as in security checks) but I'm quite confused about
> how one would handle form input.
>
> I know that one should always validate data before doing any operations
> with it, e.g. validating numbers (see also url hack).
>
> But how does one handle "plain text"?
> For the "<", ">" characters, would it be correct if I state that
> replacing them with their html equivalent (&lt;) would be enough?
>
> I've been searching the cf-talk archive and spat out some forums (devex)
> (where btw I didn't even find number validation *cough*) but to no
> success.
>
> I've never seen/found a way to pass in additional sql statements (or
> anything other for that matter) by filling out a form (aka plain text).
>
> And there's also the fact that for a "SQL forum" it would be obvious
> that one would enter "drop table, create table, ...."
> So what do you do then?
>
> If anybody has any insights on this please enlighten me.
>
> BTW, I'm already using cfqueryparam in all my sql statements.
>
> Thanks a lot,
> Joachim
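Joachim's two questions above (is replacing < and > with entities enough for "plain text", and can typed text smuggle extra SQL statements in) as an added example, written in Python rather than CFML and not code from this thread: a bound parameter plays the role of cfqueryparam, html.escape plays the role of the entity replacement, and the posts table and sample post are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample post: the kind of "plain text" the question worries about,
# carrying both a SQL fragment and HTML markup.
SAMPLE_BODY = "Run this: '; DROP TABLE posts; -- and <b>bold</b> text"


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for the forum's posts table (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    return conn


def store_post(conn: sqlite3.Connection, body: str) -> int:
    """Bound parameter, the role cfqueryparam plays in CFML: the body travels
    as a value and never through the SQL parser, so 'DROP TABLE' in the text
    is only characters. Returns the new row id."""
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    return cur.lastrowid


def unsafe_insert_parsed_as_sql(conn: sqlite3.Connection, body: str) -> bool:
    """The concatenation pattern cfqueryparam replaces. The quote in the input
    closes the literal and the rest reaches the SQL parser; sqlite3 rejects the
    result (syntax error / extra statement), a driver that accepts batched
    statements would run it. True means the text was parsed as SQL, not data."""
    try:
        conn.execute(f"INSERT INTO posts (body) VALUES ('{body}')")
    except Exception:
        return True
    return False


def fetch_body(conn: sqlite3.Connection, post_id: int) -> str:
    """Raw stored text; also a cheap check that the posts table still exists."""
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return row[0]


def render_post(conn: sqlite3.Connection, post_id: int) -> str:
    """Escape on output, not on input: <, >, &, " and ' become entities as the
    text is written into the page, so stored markup never becomes live HTML,
    while the database keeps the original text for search and editing."""
    return html.escape(fetch_body(conn, post_id), quote=True)
```

Once the value is bound, filtering SQL keywords out of the text (the "drop table" worry) adds nothing: it is the quoting, not the vocabulary, that decides whether input is data or SQL.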