> From: Jochem van Dieten
>
> This type of coding can be insecure. Just imagine what would
> happen in Oracle, MySQL or any other database that uses
> C-style escaping when combined with: <cfset url.user_id =
> "h4ck3r\'; DROP TABLE users; COMMIT; --">

But if you're using CFQUERYPARAM, then that wouldn't affect anything
anyways.
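
The difference the two messages are arguing about, as an added example that is not part of the original thread: a small model of how a SQL lexer finds the end of a string literal, run on the value from the quoted message. It assumes the application escapes input by doubling single quotes; the function names and the `SELECT` statement are hypothetical.

```python
# Model of string-literal scanning in two SQL dialects.
# Constructed for illustration; not a real database parser.

def double_quotes(value):
    """Assumed escaping routine: double every single quote (standard SQL style)."""
    return value.replace("'", "''")

def split_literal(sql, start, backslash_escapes):
    """Scan the literal whose opening quote is at sql[start].
    Returns (literal_value, remainder_of_statement)."""
    out, i = [], start + 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])        # C-style: backslash escapes next char
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":   # doubled quote is one literal quote
                out.append("'")
                i += 2
            else:
                return "".join(out), sql[i + 1:]   # closing quote found
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")

def analyse(user_id, backslash_escapes):
    """Build the statement by concatenation and report where the literal ends."""
    prefix = "SELECT * FROM users WHERE user_id = "
    sql = prefix + "'" + double_quotes(user_id) + "'"
    literal, rest = split_literal(sql, len(prefix), backslash_escapes)
    rest = rest.strip()
    return {"literal": literal, "trailing_sql": rest,
            "contained": literal == user_id and rest == ""}

def bind(user_id):
    """Bound parameter, which is what CFQUERYPARAM produces:
    the value is sent separately and is never scanned as SQL text."""
    return ("SELECT * FROM users WHERE user_id = ?", (user_id,))

# Value from the quoted message (the backslash is a literal character).
SAMPLE = "h4ck3r\\'; DROP TABLE users; COMMIT; --"

if __name__ == "__main__":
    print("standard SQL :", analyse(SAMPLE, backslash_escapes=False))
    print("C-style      :", analyse(SAMPLE, backslash_escapes=True))
    print("bound        :", bind(SAMPLE))
```

With quote doubling alone, the value stays inside the literal only when the database ignores backslashes; with C-style escaping the literal ends after `h4ck3r'` and the rest is parsed as SQL. The bound form is unaffected in either dialect.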