[thelist] ColdFusion but mostly SQL question
Erik Mattheis
gozz at gozz.com
Mon Jul 29 02:05:01 CDT 2002
5 second quick fix: put:
<cfif cgi.query_string CONTAINS ";">
<cflocation url="http://somewhereelse/">
</cfif>
in application.cfm.
>I have a huge website with many form entries and url variables. I just
>realized that anybody can come along and insert sql code into my
>variables and have it executed. What is the quickest and easiest way I
>fix this?
--
__________________________________________
- Erik Mattheis
(612) 377 2272
http://goZz.com/
Through Mid July
8:30 am - 11:30 pm 7 days/week
(952) 838 7698
__________________________________________
More information about the thelist
mailing list