>- see footer for list info -< Have some code with a query like this: SELECT * FROM Users Where User = '#trim(form.user)#' AND Password= '#trim(form.password)#' Now, I wanted to prove to the person who wrote it that SQL injection was possible. I am on CFMX 7 and CF is kindly escaping the ' for me. When was this upgraded? CF5 to CFMX6 or CFMX6 to CFMX7? Thanks Allan P.S. Need a decent course in hacking. lol. _______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
