I appreciate all of the interesting feedback my original post has received.
Often, I see applications built without the protection needed against these types of attacks. I've been diligent and have validated all the variables before using them in SQL statements. In the future, when MySQL supports Stored Procedures, I plan to move to them. Fortunately, I've abstracted all database access into CFC's so the changes should be a breeze. :) Derek ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org
