James Smith wrote:
>>
>>And you think the average cfform and cfinput tag is sufficient? I
>>don't.
>
> OK, but even if the wrong data type is supplied to the query what will
> happen, you will get an error.

No. You will get a different SQL statement executed than you
intended to be executed.

> If the cfqueryparam detects an incorrect
> data type it will throw an error yes?  So what is the difference?  Would you
> care to explain your answer rather than just taking pot shots at me?

Google for SQL Injection Attack.

>>>I also don't understand the 'unauthorized users' bit.
>>
>>Authorization is not relevant.
>
> From Docs.
>
> <QUOTE>Macromedia recommends that you use the cfqueryparam tag within every
> cfquery tag, to help secure your databases from unauthorized users.</QUOTE>
>
> Macromedia clearly think it is relevant, would you care to elaborate on why
> you think it isn't?

Using an SQL Injection Attack doesn't change the user
authentication or authorization, it changes the SQL statement.

Jochem
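
An added illustration of the point made in this reply, not part of the original thread: with string interpolation, unexpected input produces no error, only a different statement, while a typed bound parameter keeps the statement text fixed. Python and sqlite3 stand in here for cfquery and cfqueryparam; the table, data and function names are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_concatenated(db, order_id):
    # Analogue of interpolating a form/URL variable straight into a cfquery:
    # the input becomes part of the SQL text the database parses.
    sql = "SELECT id, owner FROM orders WHERE id = " + order_id
    return sql, db.execute(sql).fetchall()

def lookup_bound(db, order_id):
    # Analogue of cfqueryparam with an integer cfsqltype: validate the type,
    # then send the value separately from the fixed statement text.
    value = int(order_id)  # raises ValueError on non-integer input
    sql = "SELECT id, owner FROM orders WHERE id = ?"
    return sql, db.execute(sql, (value,)).fetchall()

def demo():
    db = make_db()
    results = {}
    for supplied in ("2", "2 OR 1=1"):
        sql, rows = lookup_concatenated(db, supplied)
        try:
            bound = lookup_bound(db, supplied)[1]
        except ValueError:
            bound = "rejected"
        results[supplied] = (sql, rows, bound)
    return results

if __name__ == "__main__":
    for supplied, (sql, rows, bound) in demo().items():
        print(repr(supplied), "->", sql, rows, "| bound:", bound)
```

The concatenated lookup runs without raising for both inputs; only the statement text and the rows returned differ, which is why an error check alone does not catch it.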