>You can put a function in the null attribute of the cfqueryparam tag to
>check for those characters. The function returns the numeric position of
>one of these characters if it exists. A value of 0 (not found) is treated
>as boolean false by ColdFusion and will result in the variable passed being
>used. Any other value, which will always be a positive integer, will be
>treated as boolean true and the value of the inserted field will be null
>rather than the value of the variable passed.
>null="#refind(...)#"
>
>On Thu, Mar 12, 2015 at 9:15 PM, Andy Mann <[email protected]>
>wrote:
>
>> hi michael,
what happens if the variable has unwanted characters is that i get an error naming the issue and that i consider giving the techojerk a heads up. what i would want to do is have the page abort or drop them back to the home page with no source code telling them what happened. adding a bunch of code for error detect would make my page unruly as some contain a very long string of queries, updates, etc. note that the fact that they got to the page in the first place means they are up to no good and probably altered the previous page to change cfinput variables. the only thing i can see is to use cfparam directly above the query and that can still make the page a server load/load time mess. there has to be a simpler solution or cfqueryparam needs some serious fixing.

tnx

Archive: http://www.houseoffusion.com/groups/regex/message.cfm/messageid:1261
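The two approaches discussed in this thread, side by side, as an added example that is not code from either poster: a single check at the top of the page that sends the visitor home without any error detail, and the `null` attribute of `cfqueryparam` driven by `REFind`. The field `form.username`, the `users` table, the `appdb` datasource, the log file name and the character class are all assumptions made for illustration.

```cfml
<!--- Added example. form.username, the users table, the "appdb" datasource
      and the character class below are assumptions, not values from the thread. --->
<cfparam name="form.username" default="">

<!--- Constructed pattern: matches any character outside the accepted set --->
<cfset badChars = "[^A-Za-z0-9_.@-]">

<!--- Approach 1: one check at the top of the page, before any query runs.
      REFind returns the position of the first match, or 0 when none is found.
      cflocation ends processing of this page, so nothing below executes and
      the visitor sees no error text. --->
<cfif REFind(badChars, form.username)>
    <cflog file="input_rejects" type="warning"
           text="Rejected username from #cgi.remote_addr# on #cgi.script_name#">
    <cflocation url="/index.cfm" addtoken="false">
</cfif>

<!--- Approach 2: the null attribute described in the quoted reply.
      0 (no match) is treated as false, so the value is bound as usual.
      Any position greater than 0 is treated as true, so NULL is bound instead.
      With approach 1 in place this acts only as a backstop. --->
<cfquery name="getUser" datasource="appdb">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar"
                                   null="#REFind(badChars, form.username)#">
</cfquery>
```

When NULL is bound, the comparison `username = NULL` matches no rows, so the query returns an empty result instead of raising an error that names the problem.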
