I can give you the relevant parts, without posting all of the actual code:

<!--- replace hack attempts --->
<cfif isDefined("form.firstname")>
        <cfset form.firstname = replacenocase(form.firstname, "<cf", "_HACK", "all")>
        <cfset form.firstname = replacenocase(form.firstname, "<script", "_HACK", "all")>
</cfif>

<CFQUERY name="popOrder" DATASOURCE="#DSN#">
INSERT INTO Orders
(       
FirstName
)
VALUES
(       
'#form.FirstName#'
)
</cfquery>


.. and then it displays the next page.

(That page has a form on it, as well, which does the same thing with submissions).

It appears to happen with every field in the form (so, if you were to cfparam 
FORM.firstname, then the error would report for FORM.lastname [the next field]).

--------------------------------
Scott Brady
http://www.scottbrady.net/
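
An added example, not part of the original post and not the poster's code: the same single-field insert with the value bound through cfqueryparam and HTML-encoded at output time, instead of rewriting "<cf" and "<script" in the stored input. The 50-character limit, the errorMessage variable and the confirmation markup are assumptions; DSN, Orders and FirstName are taken from the snippet above.

```cfml
<!--- Added example (constructed). Assumes Orders.FirstName is a varchar column of width 50. --->

<!--- Give the field a default so it always exists, then trim it. --->
<cfparam name="form.firstname" default="">
<cfset firstName = trim(form.firstname)>

<cfif len(firstName) EQ 0 OR len(firstName) GT 50>
    <!--- Reject out-of-range input instead of silently rewriting it. --->
    <cfset errorMessage = "First name is required and must be 50 characters or fewer.">
<cfelse>
    <!--- The value travels as a typed, bound parameter, not as part of the SQL text. --->
    <cfquery name="popOrder" datasource="#DSN#">
        INSERT INTO Orders (FirstName)
        VALUES (
            <cfqueryparam value="#firstName#" cfsqltype="cf_sql_varchar" maxlength="50">
        )
    </cfquery>
</cfif>

<!--- Encode at the point of output, so markup in the value renders as inert text. --->
<cfoutput>
    <cfif isDefined("errorMessage")>
        <p>#HTMLEditFormat(errorMessage)#</p>
    <cfelse>
        <p>Order recorded for #HTMLEditFormat(firstName)#.</p>
    </cfif>
</cfoutput>
```

The stored value stays exactly as submitted, so any page that later displays it needs the same HTMLEditFormat() call at its own output point.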

 
             