On 11/30/06, Dave Watts <[EMAIL PROTECTED]> wrote: > > One thing I've always wondered is do you have protection > > against sql-injection attacks when you use cfinsert/cfupdate? > > According to Ben Forta, yes. This makes sense, I guess, since CF has to > determine the datatypes of the fields in any case.
Dave: I saw you pose that question on Ben's blog in the comments (http://www.forta.com/blog/index.cfm/2006/10/3/Use-CFINSERT-And-CFUPDATE), but saw no response from Ben. If this is in fact the case, that's good to know (altho I still am not a big fan of either tag) :) -- Charlie Griefer ================================================ "...All the world shall be your enemy, Prince with a Thousand Enemies, and whenever they catch you, they will kill you. But first they must catch you, digger, listener, runner, prince with a swift warning. Be cunning and full of tricks and your people shall never be destroyed." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262315 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
