Yeah -

Its the CF version of PHP magic quotes (which irritates me no end).

You've given yourself extra overhead, while losing the performance
gains of cfqueryparam

But you know ;) That's up to you.

Mark


On Fri, 21 Jan 2005 13:52:09 +1100, Jason Sheedy
<[EMAIL PROTECTED]> wrote:
> I currently run content filter with complex regular expression matching to
> weed out any malicious code from form submisions. It's easy to plug into
> an app without having to modify every query with <cfqueryparam>.
> 
> Before anything goes to the database I do this:
> 
> <!--- Invoke an instance of the content filter component in the application 
> scope. --->
> <cfif NOT StructKeyExists(application, "cFilter")>
>         <cflock name="contentFilterLock" type="exclusive" timeout="30">
>         <cfif NOT StructKeyExists(application, "cFilter")>
>                 <cfset 
> application.cFilter=createObject("component","contentFilter")>
>         </cfif>
>         </cflock>
> </cfif>
> 
> <!--- Clean up url and form fields --->
> <cfif NOT StructIsEmpty(attributes)>
>         <!--- Loop through attributes variables. --->
>         <cfloop list="#StructKeyList(attributes)#" index="field">
>         <cfif field DOES NOT CONTAIN "file">
>                 <cfset 
> attributes[field]=application.cFilter.stringFilter(attributes[field])>
>         </cfif>
>         </cfloop>
> </cfif>
> 
> It works pretty well and is also used to strip out any dodgy html
> formatting, etc. Anyone got any thoughts on this?
> 
> Jason Sheedy
> www.voice.com.au
> 

-- 
E: [EMAIL PROTECTED]
W: www.compoundtheory.com
ICQ: 3094740

---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/

Reply via email to