Here is one that Ben Forta wrote about the CFQUERYPARAM: http://coldfusion.sys-con.com/read/41712.htm

Hope this helps others like me.. It's a real eye opener!

-Brian

On Jun 13, 2007, at 9:35 AM, Brian Petti wrote:

> Great resource! Thanks Mark.
>
> On Jun 13, 2007, at 9:26 AM, Mark Lewis wrote:
>
>> There is documentation on the Adobe site for developer security guidelines, a link to the PDF is below.
>>
>> http://www.adobe.com/devnet/coldfusion/articles/dev_security/coldfusion_security.pdf
>>
>> Mark
>>
>> ----- Original Message -----
>> From: "Brian Petti" <[EMAIL PROTECTED]>
>> To: "CF-Newbie" <[email protected]>
>> Sent: Wednesday, June 13, 2007 1:52 PM
>> Subject: Re: SQL Suggestion - Tips Requested
>>
>>> Very good. Thanks J.J. I will read up on those.. Is there a place where I can read about tips that CF newbies should follow?
>>>
>>> I noticed I left the DSN in my code snippet below.. I guess I will be changing that right away LOL.. Oh well.
>>>
>>> Anyway, I have never used cfqueryparam.. Anyway, if it would only take a second, could you convert my code below to show me what it would look like? If it will take a while don't bother, I will figure it out.. First things first, I have to go change the DSN now.. stupid me.
>>>
>>> Thanks again.
>>> -Bri
>>>
>>> P.S. Why is using the * not a great practice if I am using all the fields in each? Or is it because of the joins in case there was a field with the same name?
>>>
>>> On Jun 13, 2007, at 8:16 AM, J.J. Merrick wrote:
>>>
>>>> There are 3 things I am seeing with this query that would help you...
>>>>
>>>> 1. Since you are doing a X.ID = Y.ID you are essentially doing a join, though the more up-to-date way would be to specify INNER JOIN
>>>>
>>>> 2. The use of a * is not such a great practice. It is always recommended to lay out everything you need and only what you need, even if you are pulling back all rows lay those out here.
>>>>
>>>> 3. You really should use a cfqueryparam, no ands, ifs, or buts about it :-). If you go read on CF-TALK about the SQL injections it will give you the reason why. Essentially this is a security measure that also has some performance benefits as well.
>>>>
>>>> Happy CF'ing!
>>>>
>>>> J.J. Merrick
>>>>
>>>> On 6/13/07, Brian Petti <[EMAIL PROTECTED]> wrote:

Archive: http://www.houseoffusion.com/groups/CF-Newbie/message.cfm/messageid:2843
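Brian's original query never made it into the archive, so the conversion he asked for is shown here as an added example; it is not code from this thread, from the Adobe guidelines PDF, or from Ben Forta's article. The table and column names (Orders, Customers), the application.dsn variable (the DSN moved out of the page and into Application.cfc, which is what "changing the DSN" amounts to), and the url.orderID, form.name and url.ids inputs are all assumptions made up for the illustration. The first block is the shape of query J.J. is warning about; the second applies all three of his points.

```cfml
<!--- BEFORE (the pattern under discussion, constructed for this example):
      the request value is pasted straight into the SQL text. A request such
      as ?orderID=1%20OR%201=1 turns the WHERE clause into
      "WHERE o.OrderID = 1 OR 1=1" and returns every order in the table. --->
<cfquery name="getOrderUnsafe" datasource="#application.dsn#">
    SELECT *
    FROM Orders o, Customers c
    WHERE o.CustomerID = c.CustomerID
      AND o.OrderID = #url.orderID#
</cfquery>

<!--- AFTER: the same query with the three suggestions applied.
      1. An explicit INNER JOIN instead of a join hidden in the WHERE clause.
      2. Named columns instead of SELECT *, so a column added to either table
         later does not silently change the result set, and the two
         CustomerID columns no longer collide in the query result.
      3. cfqueryparam: the value travels to the database as a bound parameter
         and is never concatenated into the SQL string. With cf_sql_integer,
         ColdFusion also validates the value and throws an error for
         "1 OR 1=1" before the query is sent at all. --->
<cfquery name="getOrder" datasource="#application.dsn#">
    SELECT o.OrderID, o.OrderDate, o.Total,
           c.CustomerID, c.Name, c.Email
    FROM Orders o
    INNER JOIN Customers c ON c.CustomerID = o.CustomerID
    WHERE o.OrderID = <cfqueryparam value="#url.orderID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input gets the same treatment. maxlength caps what the caller
      can send; quoting and escaping are handled by the driver, not by you. --->
<cfquery name="findCustomer" datasource="#application.dsn#">
    SELECT c.CustomerID, c.Name
    FROM Customers c
    WHERE c.Name = <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="100">
</cfquery>

<!--- A comma-separated list such as "3,7,12" binds one parameter per value,
      so an IN (...) clause does not need string concatenation either. --->
<cfquery name="getOrders" datasource="#application.dsn#">
    SELECT o.OrderID, o.OrderDate
    FROM Orders o
    WHERE o.OrderID IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>
```

The performance benefit J.J. mentions comes from the same mechanism as the security benefit: because the SQL text no longer changes from request to request, the database sees one prepared statement with bind variables and can reuse its cached execution plan instead of parsing a fresh string every time. Pick the cfsqltype that matches the column (cf_sql_integer, cf_sql_varchar, cf_sql_date, and so on) rather than defaulting everything to cf_sql_varchar, since the type is what gives you the input validation on top of the binding.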
