Yeah -
Its the CF version of PHP magic quotes (which irritates me no end).
You've given yourself extra overhead, while losing the performance
gains of cfqueryparam
But you know ;) That's up to you.
Mark
On Fri, 21 Jan 2005 13:52:09 +1100, Jason Sheedy
<[EMAIL PROTECTED]> wrote:
> I currently run content filter with complex regular expression matching to
> weed out any malicious code from form submisions. It's easy to plug into
> an app without having to modify every query with <cfqueryparam>.
>
> Before anything goes to the database I do this:
>
> <!--- Invoke an instance of the content filter component in the application
> scope. --->
> <cfif NOT StructKeyExists(application, "cFilter")>
> <cflock name="contentFilterLock" type="exclusive" timeout="30">
> <cfif NOT StructKeyExists(application, "cFilter")>
> <cfset
> application.cFilter=createObject("component","contentFilter")>
> </cfif>
> </cflock>
> </cfif>
>
> <!--- Clean up url and form fields --->
> <cfif NOT StructIsEmpty(attributes)>
> <!--- Loop through attributes variables. --->
> <cfloop list="#StructKeyList(attributes)#" index="field">
> <cfif field DOES NOT CONTAIN "file">
> <cfset
> attributes[field]=application.cFilter.stringFilter(attributes[field])>
> </cfif>
> </cfloop>
> </cfif>
>
> It works pretty well and is also used to strip out any dodgy html
> formatting, etc. Anyone got any thoughts on this?
>
> Jason Sheedy
> www.voice.com.au
>
--
E: [EMAIL PROTECTED]
W: www.compoundtheory.com
ICQ: 3094740
---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/