[thelist] Website Database Security
jeff
jeff at members.evolt.org
Thu May 3 16:54:51 CDT 2001
rudy,
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: rudy
:
: this is the CFQUERYPARAM tag and the example
: shows how someone might try to append another
: sql command after a semicolon in an input variable,
: and how cfqueryparam cuts that off
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
in the case of numeric values you can simply wrap the variable in a val(),
forcing it to a numeric value and essentially dropping all the subsequent
non-numeric data that's being force fed to it. this should become
second nature for anyone and is easy to do as it requires very little typing.
just my 2¢,
.jeff
name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org
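
The two approaches from this thread side by side, as an added example that is not part of the original post. The datasource `request.dsn`, the `articles` table and the `url.id` parameter are assumptions made for illustration, and the input values are constructed.

```cfml
<!--- Constructed sample inputs for a numeric URL parameter --->
<cfset samples = ["42", "42; DELETE FROM articles", "abc"]>

<cfoutput>
<cfloop array="#samples#" index="raw">
  <!--- val() keeps the leading numeric part; input with no leading number becomes 0 --->
  input: [#htmlEditFormat(raw)#]
  unwrapped: WHERE id = #htmlEditFormat(raw)#
  with val(): WHERE id = #val(raw)#<br>
</cfloop>
</cfoutput>

<cfset url.id = "42; DELETE FROM articles">

<!--- val(): only the number 42 is written into the SQL text --->
<cfquery name="byVal" datasource="#request.dsn#">
  SELECT title
  FROM articles
  WHERE id = #val(url.id)#
</cfquery>

<!--- cfqueryparam: the value is bound as a typed parameter, and input
      that is not an integer raises an error instead of reaching the query --->
<cftry>
  <cfquery name="byParam" datasource="#request.dsn#">
    SELECT title
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="CF_SQL_INTEGER">
  </cfquery>
  <cfcatch type="any">
    <cfoutput>rejected: #htmlEditFormat(cfcatch.message)#</cfoutput>
  </cfcatch>
</cftry>
```

With val() the tampered request still runs, as a lookup for id 42 (or id 0 for input like "abc"), while the cfqueryparam version surfaces the bad input as an error that can be logged.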