I'm working my way through some legacy sites that have queries that need a little securing from SQL injection attacks. Most of them simply need cfqueryparam added. But, what's "best practice" for the simple query below?
<cfquery name="getPA" datasource="#request.datasource#" username="#request.username#" password="#request.password#">
SELECT * FROM pa WHERE pa_name like '%#form.pa_name#%'
</cfquery>

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:288160
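One way to harden the LIKE query above, as an added example that is not part of the original post: bind the search term with cfqueryparam, placing the % wildcards inside the bound value, and escape LIKE metacharacters in the input so they match literally. The variable name term, the choice of ! as the escape character, and a database that supports the standard ESCAPE clause are assumptions.

```cfml
<!--- Added example, not the poster's code. "term" is a hypothetical variable name. --->
<cfset term = trim(form.pa_name)>

<!--- Escape the escape character first, then the LIKE wildcards, so that
      user-supplied % and _ are matched as literal characters.
      Note: SQL Server also treats [ as a LIKE metacharacter. --->
<cfset term = replace(term, "!", "!!", "all")>
<cfset term = replace(term, "%", "!%", "all")>
<cfset term = replace(term, "_", "!_", "all")>

<cfquery name="getPA" datasource="#request.datasource#" username="#request.username#" password="#request.password#">
    SELECT *
    FROM pa
    WHERE pa_name LIKE <cfqueryparam value="%#term#%" cfsqltype="cf_sql_varchar"> ESCAPE '!'
</cfquery>
```

The wildcards travel as part of the bound parameter, so the user input is never concatenated into the SQL text. The escaping step affects only match semantics, not injection safety.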