Oh for sure. I have a long list of security changes I want to make prior to deployment, and the one you mentioned is on the list. I've been trying to just 'make things work' and once the core logic and code is there, I will go tighten it up.
Am I understanding cfindex correctly?

On 10/29/09, Alan Williamson (aw1) <[email protected]> wrote:
>
> pssst ... remember to <cfqueryparam value="#form.fullname#"> all your
> queries ... it's good practice to do this all the time, and you can
> forget about escaping, cross-scripting, and all the other nasties that
> can come from it.
>
> Jason Allen wrote:
>> Hi Guys,
>>
>> <CFQUERY NAME="create_address" DATASOURCE="members">
>>
>> INSERT INTO tbl_member_contacts
>>
>> (member_id,
>> full_name,
>> address_a,
>> address_b,
>> city,
>> state,
>> country,
>> postal,
>> phone_number,
>> phone_number_type,
>> show_phone_number,
>> call_time
>> )
>>
>> VALUES
>> ('#myid#',
>> '#FORM.fullname#',
>> '#FORM.address_a#',
>> '#FORM.address_b#',
>> '#FORM.city#',
>> '#FORM.state#',
>> '#FORM.country#',
>> '#FORM.postal#',
>> '#FORM.phone_number#',
>> '#FORM.phone_number_type#',
>> '#FORM.show_phone_number#',
>> '#FORM.call_time#'
>> )
>>
>> ;
>>
>> </CFQUERY>
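
The INSERT quoted above with every value bound through `cfqueryparam`, as an added example that is not code from the thread. The `cfsqltype` and `maxlength` values, the treatment of `address_b` as optional and of `show_phone_number` as a checkbox are assumptions about the table, which the thread does not describe.

```cfml
<!--- Added example. Column types, lengths and defaults below are assumptions. --->

<!--- Unchecked checkboxes and empty optional inputs may be missing from FORM. --->
<cfparam name="form.address_b" default="">
<cfparam name="form.show_phone_number" default="0">

<cfquery name="create_address" datasource="members">
    INSERT INTO tbl_member_contacts
        (member_id, full_name, address_a, address_b,
         city, state, country, postal,
         phone_number, phone_number_type, show_phone_number, call_time)
    VALUES (
        <!--- Each value travels as a bound parameter, never as SQL text,
              so quotes or semicolons in the input cannot alter the statement. --->
        <cfqueryparam value="#myid#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#form.fullname#" cfsqltype="cf_sql_varchar" maxlength="100">,
        <cfqueryparam value="#form.address_a#" cfsqltype="cf_sql_varchar" maxlength="100">,
        <!--- Store NULL rather than an empty string when the field is blank. --->
        <cfqueryparam value="#form.address_b#" cfsqltype="cf_sql_varchar" maxlength="100"
                      null="#NOT len(trim(form.address_b))#">,
        <cfqueryparam value="#form.city#" cfsqltype="cf_sql_varchar" maxlength="60">,
        <cfqueryparam value="#form.state#" cfsqltype="cf_sql_varchar" maxlength="60">,
        <cfqueryparam value="#form.country#" cfsqltype="cf_sql_varchar" maxlength="60">,
        <cfqueryparam value="#form.postal#" cfsqltype="cf_sql_varchar" maxlength="20">,
        <cfqueryparam value="#form.phone_number#" cfsqltype="cf_sql_varchar" maxlength="30">,
        <cfqueryparam value="#form.phone_number_type#" cfsqltype="cf_sql_varchar" maxlength="20">,
        <!--- A typed parameter rejects non-boolean input before it reaches the database. --->
        <cfqueryparam value="#form.show_phone_number#" cfsqltype="cf_sql_bit">,
        <cfqueryparam value="#form.call_time#" cfsqltype="cf_sql_varchar" maxlength="40">
    )
</cfquery>
```

Binding covers the SQL statement only: the values are stored exactly as submitted, so they still need encoding when written back into a page.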
