Thanks for the suggestion. I am using cfqueryparam in all of
my queries; however, I want to add some additional insurance and
this will help. Here is my code for what I am doing.
<!--- Pass the raw query string to the IsSQLInject UDF --->
<cfset SQLURLChecker = CGI.QUERY_STRING>
<cfset SQLURLChecker = IsSQLInject(SQLURLChecker)>
<cfif SQLURLChecker IS "true">
    <cfset WRITESQLURLChecker = CGI.QUERY_STRING>
    <!--- This writes a record of the offending party --->
    <!--- The output attribute is kept on one line so each hit is a single log entry --->
    <cffile action="append"
            file="C:\projects\oam\sqllog.txt"
            output="Time: #DateFormat(Now(),'MMMM/DD/YYYY')# #TIMEFORMAT(Now(),'h:mm tt')# Referring Page: #CGI.SCRIPT_NAME# IP Address: #CGI.REMOTE_ADDR# Illegal Words: #WRITESQLURLChecker#">
    <!--- Send the visitor back to the same page without the query string --->
    <cflocation url="#CGI.SCRIPT_NAME#">
</cfif>