Your name makes me hungry, Taco :) mmmm tacos
At 09:33 AM 2/5/2003 +1000, you wrote:
>I just noticed that the HTML is removed from the message so you won't see the
>items in red.
>
>
>CItem=#CItem# is where the problem lies.
>
>talking about security.....
>
>I know to:
>- always use val() with integers in my queries
>- always filter ANY data submitted, including hidden fields
>- use regEx to remove any invalid chars from submitted data
>- use regEx to replace characters like & to &amp; < to &lt; > to &gt; " to
>&quot; ' to · (have not found the right equivalent to ' yet) when
>these characters are to be used in submitted data
>
>What about UNICODE and MS SQL server, can anyone enlighten me on that one?
>And if possible point out any possible holes I might have missed?
>
>TIA
>Taco Fleur
>
>
>
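A worked version of the practices listed in the quoted message, added here as an example and not code from the original thread or from Taco: it assumes the offending `CItem=#CItem#` sits in a `<cfquery>` WHERE clause fed from a form field, uses a placeholder datasource `myDSN` and a constructed `Items` table, and shows the unsafe interpolation beside the `val()` rule, a `<cfqueryparam>` bind (a mechanism the message does not mention), and `HTMLEditFormat()` for the entity replacement the third bullet does by hand.

```cfml
<!--- Constructed sample input standing in for attacker-controlled form fields. --->
<cfset form.CItem = "5 OR 1=1">
<cfset form.Comment = "<b>hi</b> & ""bye"" it's">

<!--- UNSAFE (the CItem=#CItem# pattern): the raw value becomes part of the SQL text,
      so "5 OR 1=1" turns the WHERE clause into a match-everything condition. --->
<!---
<cfquery name="getItem" datasource="myDSN">
    SELECT ItemID, ItemName FROM Items WHERE CItem = #form.CItem#
</cfquery>
--->

<!--- Rule 1, "always use val() with integers": val() yields 0 for anything that is
      not a leading number, so only a numeric literal can ever reach the SQL text. --->
<cfquery name="getItemVal" datasource="myDSN">
    SELECT ItemID, ItemName FROM Items WHERE CItem = #val(form.CItem)#
</cfquery>

<!--- Stronger alternative (not in the message): cfqueryparam passes the value as a
      typed bind variable, so it is never spliced into the statement at all and
      non-integer input is rejected before the query runs. --->
<cfquery name="getItemParam" datasource="myDSN">
    SELECT ItemID, ItemName FROM Items
    WHERE CItem = <cfqueryparam value="#form.CItem#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Rule 3, HTML-escaping on output: HTMLEditFormat() rewrites &, <, > and " to
      their entities but leaves the apostrophe alone, which is the gap the message
      mentions; &##39; (written with a doubled # inside CFML) is the entity for it. --->
<cffunction name="safeHTML" returntype="string" output="false">
    <cfargument name="text" type="string" required="true">
    <cfreturn Replace(HTMLEditFormat(arguments.text), "'", "&##39;", "ALL")>
</cffunction>

<cfoutput>
    <p>#safeHTML(form.Comment)#</p>
</cfoutput>
```

Filtering on input (bullets 2 and 3) and escaping on output are complementary: `val()`/`cfqueryparam` keep data out of the SQL text, while `safeHTML()` keeps it out of the HTML markup when it is rendered back.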
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4