Also, and I haven't tested this, cfqueryparam gives a speed boost. ======================================================================= Raymond Camden, Principal Spectra Compliance Engineer for Macromedia Email : jedimaster at macromedia.com ICQ UIN : 3679482 "My ally is the Force, and a powerful ally it is." - Yoda > -----Original Message----- > From: thelist-admin at lists.evolt.org > [mailto:thelist-admin at lists.evolt.org]On Behalf Of rudy > Sent: Tuesday, April 03, 2001 2:46 PM > To: thelist at lists.evolt.org > Subject: Re: [thelist] Security Tip > > >That code would be not prone to the sort of attack you mentioned. > > there's also CFQUERYPARAM which gives a lot more flexibility to the > validation -- integers, dates, decimal, etc. >