6 Replies Latest reply on Mar 19, 2010 7:21 PM by Dan Bracuk

    SQL Injection - cfqueryparam and other techniques to stop abuse?

    annamjmi Level 1

      We have been having a lot of issues with SQL injection lately and so we are trying various methods to secure the data better.

      First off, we have been utilizing cfqueryparam on the queries that are being hit. I am also optimizing the data tables so that more maxlengths are in place.

      What else can be done to improve security? I have looked up everything and anything on the internet and keep seeing the cfqueryparam.

      Does changing the variables or table names make any difference? We are trying that, but I want to make sure it is not a waste of our time.

      Thanks for any other suggestions.
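
An added example, not part of the original post: the two measures the poster mentions, cfqueryparam and length limits, applied to one constructed query, with the concatenated form it replaces kept in a comment. The `users` table, its columns, the `appDSN` datasource, the log file name and the `url.userId`, `form.lastName` and `form.statusList` inputs are all assumptions made for illustration.

```cfml
<!--- BEFORE (kept as a comment, not executed): the request value is
      concatenated into the SQL text, so the database parses whatever
      arrives in url.userId as part of the statement.

      <cfquery name="qUserUnsafe" datasource="appDSN">
          SELECT user_id, last_name, email
          FROM   users
          WHERE  user_id = #url.userId#
      </cfquery>
--->

<!--- Hypothetical inputs; defaults only so the page runs stand-alone. --->
<cfparam name="url.userId"      default="0">
<cfparam name="form.lastName"   default="">
<cfparam name="form.statusList" default="active">

<cftry>
    <!--- AFTER: every request value is sent as a bind parameter.
          cfsqltype validates the data type, maxlength rejects oversized
          strings before the statement reaches the database, and
          list="true" binds each element of an IN (...) list separately. --->
    <cfquery name="qUser" datasource="appDSN">
        SELECT user_id, last_name, email
        FROM   users
        WHERE  user_id   = <cfqueryparam value="#url.userId#"
                                         cfsqltype="cf_sql_integer">
          AND  last_name = <cfqueryparam value="#form.lastName#"
                                         cfsqltype="cf_sql_varchar"
                                         maxlength="50">
          AND  status IN  (<cfqueryparam value="#form.statusList#"
                                         cfsqltype="cf_sql_varchar"
                                         maxlength="20"
                                         list="true">)
    </cfquery>

    <cfcatch type="any">
        <!--- A failed type or length check raises an error here.
              Log it server-side and return a generic 400, not the
              error detail. --->
        <cflog file="sqlparam" type="warning"
               text="Rejected query input: #cfcatch.message#">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

The maxlength values here are assumed to mirror the column widths in the table definition, which is where the length limits the poster is adding to the tables and the ones in the query meet.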