If your form uses the "get" method, the variables will be in the 'url' scope. If the form uses the "post" method, your variables will be in the 'form' scope.
On Jan 23, 2008 12:30 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Is there a way to address all URL scopes or do I have to be specific and > list all URL scopes used on the site? > > I'm thinking ... > > <CFIF ISDEFINED ("URL.pr_id")> > <CFIF URL.pr_id contains "select"> > </CFIF> > </CFIF> > > > >Or at the very least write some generic code in Application.cfm > /Application.cfc > >that inspects the form, url and cookie scopes and strips out anything > >suspicious like SQL statements. That would only be a half measure though. > >The queries need to be changed to use cfqueryparam. > > > >On Jan 23, 2008 11:38 AM, Tom Chiverton <[EMAIL PROTECTED]> > >wrote: > > > >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297192 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4