8 Replies Latest reply on Oct 23, 2008 10:26 AM by chazman113

    Automatically parameretize code with a script

      I have several thousand queries to add cfqueryparams to... using regular expressions and pattern matching I was thinking it is very possible to write something to crawl and entire hard drive of CFM pages to find code within cfquery and then find things such as (somename = '#form.whydidntiparametizethis#') and replace it with the appropriate. I guess one problem would be disitnguising between dates, ints, floats, ect... but couldn't we just make the type varchar? wouldn't be perfect but would prevent injection. has anyone heard of something like this or written some code I could work off of?