> using this tag will prevent someone from injecting malicious code into
> your queries.
The current discussion of CFQUERYPARAM concerned whether to use it for
literal values, rather than values derived from variables. In that case,
there's no security issue, since there's no user or program input.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
