I precompile everything. No DSN needed and since cfquery is serializable I make a unique backup copy of tables for fun.
Example application.cfm

    <!--- Prepare the INSERT once and cache it in the application scope --->
    <cfif NOT isdefined("application.sqlserver_connection") OR application.sqlserver_connection.isClosed() EQ "YES">
        <cfset application.insert_mailiglist = application.sqlserver_connection.prepareStatement("INSERT INTO mailinglist (Email,USER_NAME,PASSWORD,date_added,Days_Remaining,date_end,Status,Validated,Delivery) VALUES (?,?,?,?,?,?,?,?,?);")>
    </cfif>

Some CFC

    <!--- Run the cached prepared statement --->
    <cfset success = application.insert_mailiglist.executeUpdate()>

That's it!

On 8/23/06, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
>
> Russ wrote:
> > So there's the question. Can someone provide an example of a working sql
> > injection attack?
>
> Plenty have been posted in this thread. Even more are in the archives. And
> if that isn't enough, check the archives of the penetration-testing
> securityfocus mailinglist.
>
> Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250828
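The statement in the post has nine `?` placeholders, but the post does not show values being bound to them. The following is an added example, not part of the original post or thread, of binding them on the cached statement before `executeUpdate()`; the function name, argument names, column types, default values and lock name are all assumptions.

```cfml
<!--- Added example. Assumed column types: Email, USER_NAME, PASSWORD, Status,
      Delivery are strings; date_added and date_end are timestamps;
      Days_Remaining and Validated are integers. --->
<cffunction name="addSubscriber" returntype="numeric" output="false">
    <cfargument name="email" type="string" required="true">
    <cfargument name="userName" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfargument name="daysRemaining" type="numeric" required="true">

    <cfset var stmt = application.insert_mailiglist>
    <cfset var added = now()>
    <cfset var ends = dateAdd("d", arguments.daysRemaining, added)>
    <cfset var tsClass = "java.sql.Timestamp">
    <cfset var addedTs = createObject("java", tsClass).init(javaCast("long", added.getTime()))>
    <cfset var endsTs = createObject("java", tsClass).init(javaCast("long", ends.getTime()))>
    <cfset var rows = 0>

    <!--- The statement object is shared by every request and parameter binding
          is stateful, so only one request may bind and execute at a time. --->
    <cflock name="insert_mailiglist" type="exclusive" timeout="10">
        <cfset stmt.clearParameters()>
        <!--- Bound values travel to the driver as data, separate from the SQL
              text, so quotes or semicolons in user input are never parsed. --->
        <cfset stmt.setString(javaCast("int", 1), arguments.email)>
        <cfset stmt.setString(javaCast("int", 2), arguments.userName)>
        <cfset stmt.setString(javaCast("int", 3), arguments.password)>
        <cfset stmt.setTimestamp(javaCast("int", 4), addedTs)>
        <cfset stmt.setInt(javaCast("int", 5), javaCast("int", arguments.daysRemaining))>
        <cfset stmt.setTimestamp(javaCast("int", 6), endsTs)>
        <cfset stmt.setString(javaCast("int", 7), "active")>   <!--- constructed value --->
        <cfset stmt.setInt(javaCast("int", 8), javaCast("int", 0))>
        <cfset stmt.setString(javaCast("int", 9), "html")>     <!--- constructed value --->
        <cfset rows = stmt.executeUpdate()>
    </cflock>

    <!--- Number of rows inserted, 1 on success --->
    <cfreturn rows>
</cffunction>
```

The `javaCast` calls pin each argument to the Java type the `java.sql.PreparedStatement` setter expects, which avoids ambiguous overload resolution when ColdFusion passes numeric values to Java methods.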