>- see footer for list info -<
>From what you said in your other post it seems like your instructor just put
in some HTML tags to mess the page up a little.

For example, if you allow a user to enter text unchecked into the DB and
then you display that text, at best it might be that they have made some text
bold. At worst (as far as I can tell) they could enter some JS to redirect to
another site (I think this is called cross-site scripting, although it may
apply to other things as well).

The DB contains...

        Hello, this is my post, I like <strong>cake</strong> I do.

... the output isn't so bad; if the user did this...

        Hello and good bye <script>document.location.href =
        "http://www.MyWonkyWebsite.com";</script>

... then anyone browsing that page would get redirected.

Below you're talking about something else, SQL injection. For a better
explanation, search Google; for a solution, if you use <cfquery> to insert
data into the DB, use <cfqueryparam> to help out against it.

<cfquery ...>
        INSERT INTO yourTable (
                ValueOne,
                ValueTwo
        ) VALUES (
                <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#FORM.someField#">,
                <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#FORM.someOtherField#">
        )
</cfquery>

Excuse any mistakes above; ER is on and it's heating up :OD

Ade
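As an added example (not Ade's code above and not Peter's, just an illustration for the thread), here is how both halves fit together on the page that displays a post: a <cfqueryparam> on a SELECT that takes its value from the URL, and HTMLEditFormat() on the way out so stored HTML is shown rather than run. The datasource name myDSN, the table posts and its columns postID and body are assumed for the example.

```cfml
<!---
  viewPost.cfm (added example; assumes a datasource "myDSN" and a table
  "posts" with an integer column postID and a text column body).

  The unsafe version interpolates the URL value straight into the SQL:
      WHERE postID = #URL.postID#
  so a request like ?postID=1 OR 1=1 changes the query itself. With
  <cfqueryparam> the value is bound as a typed parameter instead, and a
  value that is not an integer is rejected for CF_SQL_INTEGER before the
  query reaches the database.
--->
<cfparam name="URL.postID" default="0">

<cfquery name="qPost" datasource="myDSN">
    SELECT postID, body
    FROM posts
    WHERE postID = <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#URL.postID#">
</cfquery>

<cfif qPost.recordCount EQ 0>
    <p>No such post.</p>
<cfelse>
    <cfoutput query="qPost">
        <!--- HTMLEditFormat() turns < > & " into entities, so a stored
              <script> tag is displayed as text rather than executed. --->
        <p>#HTMLEditFormat(body)#</p>
    </cfoutput>
</cfif>
```

The tag is a single tag (no closing pair) and belongs inside every <cfquery> that uses user-supplied data, whether it inserts, updates or selects; it does nothing on the form page itself, which only collects the input. HTMLEditFormat() is the ColdFusion MX-era function; later releases add EncodeForHTML() for the same purpose.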

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Peter Donahue
Sent: 31 January 2005 21:03
To: Jolly Green Giant; Coldfusion Development
Subject: [CF-Dev] cfqueryparam tag



Hello again everyone,

    On which pages do I place the <cfqueryparam> tag? Does this go on the
form pages where the user is supposed to enter their data, or on all pages I
wish to protect? I wish he had spent time on this subject during our class,
and explained how these tags are used, if this tag is a single tag, or if
it's one used in pairs, how to define parameters within the tag itself, you
get the idea. I could sure use a primer, or some sample code of how it's
used. It was during our last class meeting when my instructor hacked this
page, but he didn't give us the exact tag information. If you can send me
sample code, or direct me to articles, and examples of how to use this tag
I'll appreciate that very much, and can go on to finish creating this
website. Thanks again for your help.



Peter Donahue

_______________________________________________

For details on ALL mailing lists and for joining or leaving lists, go to 
http://list.cfdeveloper.co.uk/mailman/listinfo

--
CFDeveloper Sponsors:-
>- Hosting provided by www.cfmxhosting.co.uk -<
>- Forum provided by www.fusetalk.com -<
>- DHTML Menus provided by www.APYCOM.com -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
