[thelist] ColdFusion but mostly SQL question

Josh josh at eaccessit.com
Sun Jul 28 17:06:01 CDT 2002


I have a huge website with many form entries and URL variables. I just
realized that anybody can come along and insert SQL code into my
variables and have it executed. What is the quickest and easiest way I
can fix this?

Is doing a replace() on ' the only way?

Thanks,
Josh
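
The two approaches side by side, as an added example that is not part of the original post: doubling `'` with `Replace()` compared with binding the value through ColdFusion's `<cfqueryparam>` tag, which keeps form and URL values out of the SQL text entirely. The datasource `siteDSN`, the `products` table, its columns and the variable names `url.id` and `form.name` are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "siteDSN", table "products"
      with columns id (integer) and name (varchar), variables url.id, form.name. --->

<!--- WEAK: doubling single quotes only matters inside a quoted string literal.
      url.id is used in a numeric position with no quotes around it, so the
      Replace() call changes nothing about how the database parses the value:
      whatever the visitor sent is still read as part of the SQL statement. --->
<cfquery name="getProductWeak" datasource="siteDSN">
    SELECT id, name
    FROM   products
    WHERE  id = #Replace(url.id, "'", "''", "ALL")#
</cfquery>

<!--- HARDENED, step 1: reject anything that is not the expected type before
      it gets near a query. cfparam throws an error if url.id is missing
      or is not numeric. --->
<cfparam name="url.id" type="numeric">

<!--- HARDENED, step 2: bind the value. cfqueryparam sends it to the driver as
      a typed parameter, separate from the SQL text, so it is never parsed as SQL. --->
<cfquery name="getProduct" datasource="siteDSN">
    SELECT id, name
    FROM   products
    WHERE  id = <cfqueryparam value="#url.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- The same pattern for a text field from a form: declare the SQL type and
      cap the length to the column size (50 is an assumed column width). --->
<cfparam name="form.name" type="string" default="">
<cfquery name="findByName" datasource="siteDSN">
    SELECT id, name
    FROM   products
    WHERE  name = <cfqueryparam value="#form.name#"
                                cfsqltype="CF_SQL_VARCHAR"
                                maxlength="50">
</cfquery>
```

Table names, column names and `ORDER BY` targets cannot be bound this way; where those come from a variable, compare the value against a fixed list of allowed names instead.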
