Philip Arnold wrote:
>>From: Jochem van Dieten
>>
>> This type of coding can be insecure. Just imagine what would
>> happen in Oracle, MySQL or any other database that uses
>> C-style escaping when combined with: <cfset url.user_id =
>> "h4ck3r\'; DROP TABLE users; COMMIT; --">
>
> But if you're using CFQUERYPARAM, then that wouldn't affect anything
> anyways

Which is why I advocate cfqueryparam.

Jochem

--
I don't get it
immigrants don't work
and steal our jobs
     - Loesje
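
Added example, not part of the original messages: a Python sketch of why the quoted value matters under C-style escaping and why a bound parameter, which is how cfqueryparam passes the value, is unaffected. It assumes the only protection on the interpolated value is doubling single quotes; `literal_end`, `trailing_sql` and `bound_lookup` are hypothetical names, and sqlite3 stands in for any driver with bound parameters.

```python
import sqlite3

# The value from the quoted message (in CFML the backslash is a literal character).
PAGE_VALUE = "h4ck3r\\'; DROP TABLE users; COMMIT; --"

def double_quotes(value):
    # Assumed protection on an interpolated value: single quotes are doubled.
    return value.replace("'", "''")

def literal_end(sql, start, c_style):
    # Index just past the string literal that opens at sql[start]; None if unterminated.
    i = start + 1
    while i < len(sql):
        if c_style and sql[i] == "\\":
            i += 2                      # backslash escapes the next character
        elif sql[i] == "'" and sql[i + 1:i + 2] == "'":
            i += 2                      # doubled quote stays inside the literal
        elif sql[i] == "'":
            return i + 1                # closing quote
        else:
            i += 1
    return None

def trailing_sql(value, c_style):
    # Text the database would parse as SQL after the user_id literal ends.
    sql = "SELECT * FROM users WHERE user_id = '" + double_quotes(value) + "'"
    end = literal_end(sql, sql.index("'"), c_style)
    return None if end is None else sql[end:]

def bound_lookup(value):
    # Bound parameter: the value travels separately from the SQL text.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT)")
    db.execute("INSERT INTO users VALUES (?)", (value,))
    return db.execute("SELECT user_id FROM users WHERE user_id = ?", (value,)).fetchall()

if __name__ == "__main__":
    print("standard quoting:", repr(trailing_sql(PAGE_VALUE, c_style=False)))
    print("C-style escaping:", repr(trailing_sql(PAGE_VALUE, c_style=True)))
    print("bound parameter: ", bound_lookup(PAGE_VALUE))
```

With standard quoting nothing is left over after the literal; with C-style escaping the backslash consumes the first doubled quote, so the second one closes the literal and the rest is parsed as SQL.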