[thelist] Website Database Security

jeff jeff at members.evolt.org
Thu May 3 16:54:51 CDT 2001


rudy,

:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: From: rudy
:
: this is the CFQUERYPARAM tag and the example
: shows how someone might try to append another
: sql command after a semicolon in an input variable,
: and how cfqueryparam cuts that off
:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

in the case of numeric values you can simply wrap the variable in a val(),
forcing it to a numeric value and essentially dropping all the subsequent
non-numeric data that's being force fed to it.  this should become
second nature for anyone and is easy to do as it requires very little typing.

just my 2¢,

.jeff

name://jeff.howden
game://web.development
http://www.evolt.org/
mailto:jeff at members.evolt.org
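
The val() approach from this message next to the CFQUERYPARAM approach from the quoted one, as an added example that is not part of the original thread. The datasource "appDSN", the table "articles", the column "article_id", the URL parameter "id" and the rule that ids are positive integers are all assumptions made for illustration.

```cfml
<!--- Added example, not code from the original message.
      Assumed names: datasource "appDSN", table "articles",
      column "article_id", URL parameter "id". --->
<cfparam name="url.id" default="">

<!--- val() converts the numeric characters at the start of the string and
      returns 0 when the string does not start with a number, so whatever
      follows the number never reaches the SQL text. --->
<cfset articleId = val(url.id)>

<!--- val() never raises an error and also accepts decimals. Assuming ids are
      positive integers, treat anything else as a bad request instead of
      silently querying with 0 or a fractional value. --->
<cfif articleId LTE 0 OR articleId NEQ int(articleId)>
  <cfheader statuscode="400" statustext="Bad Request">
  <cfabort>
</cfif>

<!--- Approach from this message: interpolate the coerced number. --->
<cfquery name="byVal" datasource="appDSN">
  SELECT article_id, title
  FROM articles
  WHERE article_id = #articleId#
</cfquery>

<!--- Approach from the quoted message: hand the raw value to CFQUERYPARAM,
      which checks it against the declared type and sends it as a bind
      parameter. Input that is not a valid integer raises an error here
      rather than being truncated, so the error is caught and answered
      with the same 400 response. --->
<cftry>
  <cfquery name="byParam" datasource="appDSN">
    SELECT article_id, title
    FROM articles
    WHERE article_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
  </cfquery>
  <cfcatch type="any">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
  </cfcatch>
</cftry>
```

The two queries are alternatives shown side by side; a page would use one of them. val() only covers numeric values, so string inputs still need CFQUERYPARAM.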




