Someone correct me if I am wrong, but if you enable non-latin text for a
datasource, cfqueryparam will treat ALL cf_sql_varchar data as unicode. Meaning
there is no way to specify a non-unicode (ansi) string other than to NOT use
cfqueryparam?
I'm trying to weigh the value of enabling the
Check out OWASP...here is a CF implementation:
http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks
or the tinyurl link:
http://tinyurl.com/yhl34tn
I'm building a form cleaner utility method that might help thwart some
XSS, clean my fields up,
Why not just use CFQUERYPARAM bound parameters in your SQL?
In my case, I'm scrubbing the data. cfqueryparam doesn't do that.
Not at all.
Mark Drew
Railo Technologies UK
Professional Open Source
skype: mark_railo
email: m...@getrailo.com
gtalk: m...@getrailo.com
tel:+44 7971 85 22 96
web:http://www.getrailo.com
On 24 Jul 2010, at 19:06, Arsalan Tariq Keen wrote:
Does this mean CFML is or will
Well, no, not at all. CF has been around for a rather long time and
never had a committee to define the language. The work of this
particular committee had some effect, helping make some changes late
in the CF9 development cycle and some changes in Railo and OpenBD I
believe, but by and large it
Why not just use CFQUERYPARAM bound parameters in your SQL?
In my case, I'm scrubbing the data. cfqueryparam doesn't do that.
Right. That was directed to Andrew. CFQUERYPARAM doesn't provide any
protection for XSS vulnerabilities.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
I'm building a form cleaner utility method that might help thwart some XSS,
clean my fields up, etc.
One nice thing about CF is that you can implement existing Java
solutions. You can, for example, use Java servlet filters, which will
process incoming requests before CF does. Andrew Grosset
Someone correct me if I am wrong, but if you enable non-latin text for a
datasource, cfqueryparam will treat ALL
cf_sql_varchar data as unicode. Meaning there is no way to specify a
non-unicode (ansi) string other than to NOT use
cfqueryparam?
I believe this is correct. At least with MS
On 7/25/2010 4:53 AM, Igor Ilyinsky wrote:
Someone correct me if I am wrong, but if you enable non-latin text
for a datasource, cfqueryparam will treat ALL cf_sql_varchar data as
unicode. Meaning there is no way to specify a non-unicode (ansi)
string other than to NOT use cfqueryparam?