How to protect this query?

Les Mizzell Tue, 11 Sep 2007 09:23:02 -0700

I'm working my way through some legacy sites that have queries that need 
a little securing from SQL injection attacks. Most of them simply need 
cfqueryparam added. But, what's "best practice" for the simple query below?



<cfquery name="getPA"
          datasource="#request.datasource#"
          username="#request.username#"
          password="#request.password#">
   SELECT * FROM pa
   WHERE pa_name like '%#form.pa_name#%'
</cfquery>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Check out the new features and enhancements in the
latest product release - download the "What's New PDF" now
http://download.macromedia.com/pub/labs/coldfusion/cf8_beta_whatsnew_052907.pdf

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:288160
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

How to protect this query?

Reply via email to