> Have you played with characters your database considers escape > characters? Do you know which characters that are? Do you know which > characters that will be for every database your application will ever > run on? > Have you played with characters CF does not consider escape characters > because CF evaluates their Unicode version, but your database considers > escape characters because your database considers their ASCII version? > Do you know which characters that are? Do you know which characters that > will be for every database your application will ever run on? > > > Do you expect a hacker to know more about these issues then you do? > Do you like to take chances?
I'm sensing a theme Jochem....perhaps you think the poster should use cfqueryparam?? ;-) LOL Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Get the answers you are looking for on the ColdFusion Labs Forum direct from active programmers and developers. http://www.adobe.com/cfusion/webforums/forum/categories.cfm?forumid-72&catid=648 Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285738 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4