What about injection attacks involving non-character-type fields? How about checking for semicolons? Greater-than or less-than signs? SQL keywords? Personally, I use <cfqueryparam> to give me strict datatyping and a measure of security (plus it really boosts performance).
-mk

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 10, 2002 8:13 AM
To: CF-Talk
Subject: [whitehat] SQL Injection MS-SQL

Is replacing single quotes with a doubled single quote sufficient to stop SQL statements being injected into form fields? Does one need to check for variations of Unicode single quotes?

______________________________________________________________________
Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
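The exchange above turns on one point: doubling single quotes only protects values that the query wraps in quotes. A numeric column compared as `WHERE id = #form.id#` is never quoted, so a payload such as `0 OR 1=1` contains no quote to escape and sails straight through; a typed, bound parameter (what <cfqueryparam cfsqltype="cf_sql_integer"> does) rejects it instead. The following is an added example written for this page, not code from either poster; it uses Python's built-in sqlite3 with a constructed three-row `users` table to stand in for the ColdFusion/MS-SQL setup, and the function names (`escape_quotes`, `lookup_by_id_escaped`, `lookup_by_id_param`) are this example's own. It does not model anything specific to SQL Server, such as its handling of Unicode-to-varchar conversion.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the real DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.com"),
            (2, "bob", "bob@example.com"),
            (3, "carol", "carol@example.com"),
        ],
    )
    return conn


def escape_quotes(value):
    """The 'double every single quote' defence from the original question."""
    return value.replace("'", "''")


def lookup_by_name_escaped(conn, name):
    """Character column: the value is quoted, so doubling quotes does close the hole.

    A classic payload like  ' OR '1'='1  becomes a harmless literal and matches nothing.
    """
    sql = "SELECT id, name FROM users WHERE name = '" + escape_quotes(name) + "'"
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn, user_id):
    """Numeric column built by string concatenation (the CF  WHERE id = #form.id#  pattern).

    The value is NOT wrapped in quotes, so an attacker needs no quote character and
    escape_quotes() changes nothing.  "0 OR 1=1" returns every row.
    """
    sql = "SELECT id, name FROM users WHERE id = " + escape_quotes(user_id)
    return conn.execute(sql).fetchall()


def lookup_by_id_param(conn, user_id):
    """Equivalent of <cfqueryparam cfsqltype="cf_sql_integer">: type-check, then bind.

    Raises ValueError for anything that is not an integer, so "0 OR 1=1" never
    reaches the database; the bound placeholder means the value is data, not SQL.
    """
    try:
        as_int = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer, got %r" % (user_id,))
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (as_int,)).fetchall()


def injection_rejected(conn, user_id):
    """True if the typed/bound lookup refuses the value outright."""
    try:
        lookup_by_id_param(conn, user_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    payload = "0 OR 1=1"
    print("escaped, numeric column:", lookup_by_id_escaped(db, payload))   # all three rows
    print("escaped, text column   :", lookup_by_name_escaped(db, "' OR '1'='1"))  # []
    print("bound parameter        :", injection_rejected(db, payload))      # True
```

Run it as a script to see the three cases side by side: the text-column lookup is safe with quote doubling alone, the numeric-column lookup leaks the whole table despite it, and the typed bound parameter refuses the payload before any SQL is built.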

