you could always use, isValid("type",variable) to check uuid, such as:
isValid("uuid", url.categoryid) to make sure that it really is a uuid.I don't know how robust this is, but it should work. Tomek On Thu, Apr 9, 2009 at 11:52 AM, Marco van den Oever < [email protected]> wrote: > > I was used to only use cfquery and cfqueryparam, so is any security > needed when using the below code: > > <cfset props.whereclause="(shopcategory) IN (SELECT objectid FROM > #application.dbowner#shopcategories WHERE > #application.dbowner#shopcategories.objectid = '#url.categoryid#')" /> > > <cfset shopproducts = shopproducts_obj.getMultipleByQuery > (argumentCollection=props) /> > > Normally i would use a cfqueryparam for the "'#url.categoryid#" in the > whereclause, is this now handled by Farcry? > > Thanks. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "farcry-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/farcry-dev?hl=en -~----------~----~----~----~------~----~------~--~---
