With respect to SQL injections and OpenBD ... you don't have to worry too much about it if you are using MySQL.
The CFQUERY implementation doesn't permit two statements to be executed in one block anyway, as the underlying driver validates the query first of all, and if it doesn't parse, it won't get sent to the server. I tried to inject code myself, and found it near on impossible; but I could do it with a PHP page. This was a few years back, I grant you. But the safest way you can protect yourself is to simply use <CFQUERYPARAM> and do NOT build up your query via string building. This simple little step pretty null'n'voids all injection attacks.
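
The difference between string building and <CFQUERYPARAM>, as an added example that is not part of the original post or of OpenBD's own code. The datasource name `appdb`, the `users` table and the `url`/`form` fields are assumptions made up for illustration.

```cfml
<!--- Constructed example: datasource "appdb", table "users" and the
      url/form fields are hypothetical. --->

<!--- Before: the request value is concatenated into the SQL text, so the
      database parses whatever the client sent as part of the statement. --->
<cfquery name="qUserUnsafe" datasource="appdb">
    SELECT id, email
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- After: the SQL text is fixed and the value travels separately as a
      typed bind parameter, so it is never parsed as SQL. --->
<cfquery name="qUser" datasource="appdb">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String values are bound the same way; maxlength caps the accepted size. --->
<cfquery name="qByEmail" datasource="appdb">
    SELECT id, email
    FROM users
    WHERE email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="254">
</cfquery>

<!--- IN clauses: list="true" binds each element of the comma-separated
      value as its own parameter instead of splicing the list into the SQL. --->
<cfquery name="qMany" datasource="appdb">
    SELECT id, email
    FROM users
    WHERE id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>
```

The first query is the pattern to search for in a code review: any `#variable#` inside a `<cfquery>` body that is not wrapped in `<cfqueryparam>`.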
