1 Reply Latest reply on Apr 11, 2007 12:16 PM by Dan Bracuk

    SQL Injection

    kt03 Level 1
      Is there a way to prevent the hacker by putting something from the where clause on the SQL statement?

      Thanks
        • 1. Re: SQL Injection
          Dan Bracuk Level 5
          Go to cflib.org and look up the safetext function. It will give you a good start. It will also help protect you from cross-site scripting.

          Use of cfqueryparam has a lot of benefits, including this. If you can't use that, run some other function on anything the users can send you. The actual functions depend on the datatype of the field.
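
An added example, not part of the original reply, showing the cfqueryparam approach mentioned above applied to a WHERE clause, with a datatype check as the fallback. The datasource `appDsn`, the `users` table and the `url.id` / `form.name` fields are assumptions made for illustration.

```cfml
<!--- Constructed example: datasource, table and field names are hypothetical. --->

<!---
    Before (kept inside a comment so it does not run):
    user input is pasted straight into the WHERE clause, so whatever
    arrives in url.id becomes part of the SQL text.

    <cfquery name="qUserUnsafe" datasource="appDsn">
        SELECT user_id, user_name
        FROM users
        WHERE user_id = #url.id#
    </cfquery>
--->

<!--- Defaults so the template runs even when a field was not sent. --->
<cfparam name="url.id" default="">
<cfparam name="form.name" default="">

<!--- Fallback from the reply: a check chosen by the field's datatype.
      Reject anything that is not an integer before it reaches a query. --->
<cfif NOT isValid("integer", url.id)>
    <cfthrow type="InvalidInput" message="id must be an integer">
</cfif>

<!--- After: each value is sent as a typed bind parameter.
      The database treats it as data, never as SQL text, and
      cfqueryparam rejects values that do not match cfsqltype or maxlength. --->
<cfquery name="qUser" datasource="appDsn">
    SELECT user_id, user_name
    FROM users
    WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND user_name = <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<cfoutput>#qUser.recordCount# matching row(s)</cfoutput>
```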