I assume you are referring to SQL Injection? If so, I always use regular expressions to filter any data and remove unwanted chars. Currently writing a complete framework/methodology for it, still debating whether I should go open source with it...

Taco

-----Original Message-----
From: Jon Hart [mailto:[EMAIL PROTECTED]]
Sent: Monday, 23 June 2003 8:06 AM
To: CFAussie Mailing List
Subject: [cfaussie] RE: <CFQUERY > SQL as a string command

I think it is quite reasonable (I do it), but you need to make sure that the code isn't exposed to user input, as you can't use cfqueryparam. Has anyone come up with a methodology for using cfqueryparam outside of a query tag? The only technique I've seen is to write the whole query to a file, and then include. Damn CF for not having robust evaluate functionality. Or more to the point, damn CF for not having fully capable cfscript.

Jon.

---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MX Downunder AsiaPac DevCon - http://mxdu.com/
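The thread contrasts SQL assembled as a string (guarded by regex filtering) with cfqueryparam. The following is an added example, not code from either poster, showing that a query can still be built conditionally from request data while every value is bound through cfqueryparam; the datasource "appDS", the table "users" and its columns are assumed names.

```cfml
<!--- Added example (not from the original thread). Assumes a datasource
      "appDS" and a table "users" with columns id, name, age (hypothetical). --->
<cfparam name="url.name" default="">
<cfparam name="url.minAge" default="">

<!--- The pattern discussed in the thread: SQL assembled as a string from
      request data. A regex "remove unwanted chars" filter is a blacklist and
      leaves the value spliced into the SQL text. Shown for contrast only;
      this string is never executed here. --->
<cfset riskySql = "SELECT id, name FROM users WHERE name = '" & url.name & "'">

<!--- Safer pattern: the query text is still built conditionally inside the
      cfquery tag, but each user value goes through cfqueryparam, so it is
      sent to the driver as a typed bind variable, not as SQL text. --->
<cfquery name="q" datasource="appDS">
    SELECT id, name
    FROM   users
    WHERE  1 = 1
    <cfif len(trim(url.name))>
        AND name = <cfqueryparam value="#url.name#" cfsqltype="cf_sql_varchar" maxlength="50">
    </cfif>
    <cfif isNumeric(url.minAge)>
        AND age >= <cfqueryparam value="#url.minAge#" cfsqltype="cf_sql_integer">
    </cfif>
</cfquery>

<!--- Script equivalent on current engines (ColdFusion 11+ / Lucee):
      queryExecute takes SQL with named placeholders plus a struct of typed
      parameters, which answers the "outside a query tag" question. --->
<cfscript>
    sql    = "SELECT id, name FROM users WHERE 1 = 1";
    params = {};
    if (len(trim(url.name))) {
        sql &= " AND name = :name";
        params.name = { value = url.name, cfsqltype = "cf_sql_varchar" };
    }
    if (isNumeric(url.minAge)) {
        sql &= " AND age >= :minAge";
        params.minAge = { value = url.minAge, cfsqltype = "cf_sql_integer" };
    }
    q2 = queryExecute(sql, params, { datasource = "appDS" });
</cfscript>
```

Only the SQL skeleton (column and table names chosen by the developer) is concatenated; the request values never become part of the statement text, so no character filtering is needed for them.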
