> Good point. However, this script's purpose is to strip out
> unwanted data from URL and FORM scopes.  It can be used for
> much more than just SQL.
> Simply add some regular expressions to remove HTML, XML, DOM,
> CF, or anything you like.  CFQUERYPARAM does not do that...
> and that is the difference.

However, the title of the thread is "A script to Prevent SQL Injection". My
point is simply that this approach is not the appropriate way to prevent SQL
injection, in my opinion. It may well be an approach for doing other things,
but that would warrant a different thread title.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
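
The distinction argued in this exchange, as an added example that is not part of the original thread: a constructed blacklist filter (`strip_input`, hypothetical) is compared with bound parameters. Python's `sqlite3` placeholders stand in for CFQUERYPARAM's bind-parameter behaviour; the table, data and function names are assumptions.

```python
import re
import sqlite3

# Hypothetical blacklist filter in the style the thread describes:
# strip "unwanted" SQL tokens from request input before building the query.
BLACKLIST = re.compile(r"(--|;|'|\b(select|union|insert|update|delete|drop)\b)", re.I)

def strip_input(value):
    return BLACKLIST.sub("", value)

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("O'Brien",), ("alice",), ("bob",)])
    return db

def lookup_stripped(db, user_id):
    # The filtered value is still concatenated into the SQL text.
    sql = "SELECT name FROM users WHERE id = " + strip_input(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, user_id):
    # The value travels separately from the SQL text and is type-checked
    # first, as a typed bind parameter would be.
    return [row[0] for row in db.execute(
        "SELECT name FROM users WHERE id = ?", (int(user_id),))]

def find_by_name_stripped(db, name):
    # Stripping the quote changes the data being searched for.
    sql = "SELECT id FROM users WHERE name = '" + strip_input(name) + "'"
    return [row[0] for row in db.execute(sql)]

def find_by_name_bound(db, name):
    return [row[0] for row in db.execute("SELECT id FROM users WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    print(lookup_stripped(db, "1 OR 1=1"))       # filter finds nothing to strip
    print(find_by_name_stripped(db, "O'Brien"))  # legitimate name no longer matches
    print(find_by_name_bound(db, "O'Brien"))     # bound value matches as-is
```

The filter both lets a condition-altering value through unchanged and corrupts a legitimate name, while the bound versions need no filtering at all.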