Now I feel bad...I should have mentioned all that, but it's getting late and
I'm tired. Oh well.



Doug B.
----- Original Message ----- 
From: "Rick Root" <[EMAIL PROTECTED]>
To: "CF-Talk" <cf-talk@houseoffusion.com>
Sent: Friday, November 10, 2006 7:55 PM
Subject: Re: Code Question


> Jason T. Slack wrote:
> >
> > <CFAPPLICATION NAME="mysession" SESSIONMANAGEMENT="Yes"
> > SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#">
>
> Problem #1: <cfapplication> ONLY goes in a file called Application.cfm
>
> The Application.cfm is processed on EVERY ColdFusion request.
>
> Problem #2:  <!--- successful login -->
>
> You've combined a CFML open comment ("<!---") with a standard HTML
> comment end ("-->")
>
> Problem #3 - ALWAYS USE CFQUERYPARAM in your queries.
>
> so replace your variable parameters in the query with cfqueryparam tags,
> like this:
>
> <cfquery name="ckCreds" datasource="#MyDSN#">
> SELECT LocationName FROM
>      WHERE LocationID = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.user#">
>         AND LocationPassword = <cfqueryparam cfsqltype="cf_sql_varchar" value="#form.password#">
> </cfquery>
>
>
> Just get used to using cfqueryparam now and it will save you a LOT of
> grief later.  It improves performance and enhances security - eliminates
> the possibility of SQL injection.
>
> Rick
>
>
> 
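
Added example (not part of the original thread and not the posters' code): the three fixes from the quoted message applied together, with the session setup in Application.cfm, a well-formed CFML comment, and both form values bound through cfqueryparam so they reach the database as data rather than as SQL text. The table name `Locations`, the datasource value, the file names `login_action.cfm` and `menu.cfm`, and the `maxlength` of 50 are assumptions made for illustration.

```cfml
<!--- ===== Application.cfm: processed before every request in this directory tree ===== --->
<cfapplication name="mysession"
               sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0, 0, 20, 0)#">
<!--- Placeholder datasource name (assumption); set once here, visible to every page --->
<cfset MyDSN = "myDatasource">

<!--- ===== login_action.cfm (hypothetical file name): handles the login form POST ===== --->
<!--- Default the fields so a request without form data does not throw on undefined variables --->
<cfparam name="form.user" default="">
<cfparam name="form.password" default="">

<!--- "Locations" is a placeholder table name; the thread does not give the real one --->
<cfquery name="ckCreds" datasource="#MyDSN#">
    SELECT LocationName
    FROM   Locations
    WHERE  LocationID = <cfqueryparam cfsqltype="cf_sql_varchar"
                                      value="#form.user#" maxlength="50">
      AND  LocationPassword = <cfqueryparam cfsqltype="cf_sql_varchar"
                                            value="#form.password#" maxlength="50">
</cfquery>

<cfif ckCreds.RecordCount EQ 1>
    <!--- successful login (three dashes open AND close a CFML comment) --->
    <cfset session.locationName = ckCreds.LocationName>
    <cflocation url="menu.cfm" addtoken="no">
<cfelse>
    <!--- failed login: one message whether the ID or the password was wrong --->
    <cfoutput>Invalid login.</cfoutput>
</cfif>
```

With `maxlength` set, cfqueryparam rejects an over-long value with an error before the query is sent, so the handler would normally sit behind the application's error handling.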
