On 12/6/05, Chris Gomez <[EMAIL PROTECTED]> wrote:
> I remember reading somewhere that a knowledgeable hack could append a SQL
> statement to a cfm filename (example: index.cfm?Name='Drop Table') and cause
> it to drop a table. The fix for it was to use cfqueryparams to filter the
> data being submitted to the query. Sorry for the lack of info, but that's
> about all I remember. Does anyone know how this hack works?
>
> btw, I'm not trying to do this, just figure out how it works and how to
> prevent it.

Google "sql injection" and you'll find lots of info.

Matt

--
Matt Woodward
[EMAIL PROTECTED]
http://www.mattwoodward.com
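
The fix named in the question, shown beside the pattern it replaces. This is an added example, not part of either message above; the datasource "appDSN", the table "users", its columns and the URL parameter "id" are hypothetical.

```cfml
<!--- Added illustration. appDSN, users, user_id, user_name and url.id
      are hypothetical names, not taken from the thread. --->
<cfparam name="url.id" default="0">
<cfparam name="url.Name" default="">

<!--- Vulnerable: url.id is spliced into the SQL text, so whatever follows
      ?id= in the request is parsed by the database as part of the
      statement rather than as a value. --->
<cfquery name="getUserUnsafe" datasource="appDSN">
    SELECT user_id, user_name
    FROM users
    WHERE user_id = #url.id#
</cfquery>

<!--- Hardened: cfqueryparam sends the value as a bound parameter, separate
      from the SQL text, and type-checks it first. A value that is not an
      integer raises a ColdFusion error before any SQL reaches the database. --->
<cfquery name="getUserSafe" datasource="appDSN">
    SELECT user_id, user_name
    FROM users
    WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input (the Name parameter from the question) gets the same
      treatment, with a length limit on the bound value. --->
<cfquery name="getUserByName" datasource="appDSN">
    SELECT user_id, user_name
    FROM users
    WHERE user_name = <cfqueryparam value="#url.Name#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="50">
</cfquery>
```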
