One method I tend to use regardless of language is the following.

get / set vars ---------
    Capture vars from form, url, etc
    do verification based on expected data type (e.g. iVar check for numeric value)
    check for required vars (if bad, try again)
----------------------

build sql statement with verified values
do database actions

The big thing with sql injection is verifying what is in your variables before passing them to your sql statements.

Eric
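Eric's sequence worked through as an added example (not code from this thread): Python with an in-memory SQLite table standing in for the application's database and a hypothetical `users` table. Each form variable is verified against its expected type, the request is rejected if a required variable is missing or bad, and only then are the verified values bound into the query as parameters, which is the job CFQUERYPARAM does in ColdFusion.

```python
import sqlite3

# Constructed sample data: a users table standing in for the real database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")])
    return conn

# Expected shape of the incoming form: name -> (data type, required?)
EXPECTED = {"id": ("int", True), "name": ("str", False)}

def get_vars(form):
    """Step 1: capture vars from the form and verify each against its expected
    data type; report missing required vars. Any error means 'try again'."""
    verified, errors = {}, []
    for key, (kind, required) in EXPECTED.items():
        raw = form.get(key)
        if raw is None or raw == "":
            if required:
                errors.append(f"{key} is required")
            continue
        if kind == "int":
            # The numeric check: anything that is not all digits is rejected,
            # so operators, quotes and keywords never reach the SQL layer.
            if not raw.isdigit():
                errors.append(f"{key} must be numeric")
                continue
            verified[key] = int(raw)
        else:
            verified[key] = raw
    return verified, errors

def lookup_user(conn, form):
    """Step 2: build the statement only from verified values, and pass them as
    bound parameters rather than splicing them into the SQL text."""
    verified, errors = get_vars(form)
    if errors:
        return None, errors
    row = conn.execute("SELECT name, email FROM users WHERE id = ?",
                       (verified["id"],)).fetchone()
    return row, []
```

The `?` placeholder is the SQLite equivalent of CFQUERYPARAM; the type check in front of it is the verification step Eric describes, and either one alone is weaker than the two together.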

----- Original Message ----- 
From: "derek bumpas" <[EMAIL PROTECTED]>

Hi all,

I would like to know how most of you are protecting against malicious
users and checking for various attacks. I am most interested in
protecting against SQL Injection. Most of the examples and code
snippets that I have seen on both Macromedia and other sites don't seem
to have ANY protection against this type of attack.

The CFQUERYPARAM tag can help if used correctly, but what are some
other techniques being used?
-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To unsubscribe: 
   Send UNSUBSCRIBE to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org