Thanks, I have corrected everything and looked up cdqueryparam tag in Forta's book.
Now it tells me that my datasource is undefined: Variable MYDSN is undefined. Is there anything special that one has to do? I created the DSN in the admin setup and it is found there. Can I simply not say MyDSN in the cfquery statement. -Jason On Nov 10, 2006, at 9:55 PM, Rick Root wrote: > Jason T. Slack wrote: >> >> <CFAPPLICATION NAME="mysession" SESSIONMANAGEMENT="Yes" >> SESSIONTIMEOUT="#CreateTimeSpan(0, 0, 20, 0)#"> > > PRoblem #1: <cfapplication> ONLY goes in a file called Application.cfm > > The application.cfm is processed on EVERY coldfusion request. > > Problem #2: <!--- successful login --> > > You've combined a CFML open comment ("<!---") with a standard HTML > comment end "-->") > > Problem #3 - ALWAYS USE CFQUERYPARAM in your queries. > > so replace your variable parameters in the query with cfqueryparam > tags, > like this: > > <cfquery name="ckCreds" datasource="#MyDSN#"> > SELECT LocationName FROM > WHERE LocationID = <Cfqueryparam cfsqltype="cf_sql_varchar" > value="#form.user#"> > AND LocationPassword = <cfqueryparam > cfsqltype="cf_sql_varchar" > value="#form.password#"> > </cfquery> > > > Just get used to using cfqueryparam now and it will save you a LOT of > grief later. It improves performance and enhances security - > eliminates > the possibility of SQL injection. > > Rick > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259986 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4