Hi,
We have just had an SQL injection attack.
Given we have several hundred ColdFusion pages and the SQL database has several hundred tables, has anyone found a reliable solution whereby a script can be placed in the application.cfm page that will prevent code being appended to queries as a
Just curious, not knowing much about SQL injection...
Wouldn't the 'val()' function be sufficient protection in this case? Presuming
that the SQL that was trying to be 'injected' was stored in cookie.person_id
then the val() function will effectively nullify it by returning zero... No?
ps.
PM
To: cfaussie@googlegroups.com
Subject: [cfaussie] sql injection was: tvguide.com.au