> Meaning SQL server is more vulnerable to SQL injection attacks. > > Hmm... wonder what this does? > > <cfset url.parameter='1; drop table orders;'> > <cfquery name="qryname" datasource="somedsn"> > Select * from items where itemId=#url.parameter# > </cfquery>
How do you figure Russ? No matter what DB you use, that snippet would make it vulnerable....you should always use CFQUERYPARAM. So how does running multiple statements make a DB vulnerable to SQL injection if you properly use CFQUERYPARAM?? Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220385 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54