Your name makes me hungry, Taco :) mmmm tacos

At 09:33 AM 2/5/2003 +1000, you wrote:
>I just noticed that the HTML is removed from the message so you won't see the
>items in red.
>
>
>CItem=#CItem# is where the problem lies.
>
>talking about security.....
>
>I know to:
>- always use val() with integers in my queries
>- always filter ANY data submitted, including hidden fields
>- use regEx to remove any invalid chars from submitted data
>- use regEx to replace characters like & to &amp; < to &lt; > to &gt; " to
>&quot; ' to · (have not found the right equivalent to ' yet) when
>these characters are to be used in submitted data
>
>What about UNICODE and MS SQL server, can anyone enlighten me on that one?
>And if possible point out any possible holes I might have missed?
>
>TIA
>Taco Fleur

Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4