>>What kind of DB were you using?
> SQL Server 2000
Just as a note, by default MySQL does not allow you to run multiple queries separated with a ";". At least within cfquery tags. This is great for security reasons but makes running large SQL scripts a bit of a pain. It still won't stop someone from tacking on an "OR 1=1" at the end of a query string.

Jerry Guido
Programmer
MGT of America, Inc.
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 1:28 PM
To: CF-Talk
Subject: Re: Owned by Rootdamages by FasT

SQL Server 2000

>What kind of DB were you using? I still haven't seen a good example of a
>sql query injection in CF since CF auto escapes single quotes.
>
>Russ

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297227
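
The two points in the message above (stacked queries are refused, yet an appended "OR 1=1" still works) and the quoted claim about single-quote escaping, as an added example that is not part of the original thread. It assumes Python's `sqlite3` as a stand-in for the MySQL/SQL Server and cfquery setup discussed; the table, data and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def escape_quotes(value):
    # Doubles single quotes, mimicking the automatic escaping the thread mentions.
    return value.replace("'", "''")

def lookup_concat(db, user_id):
    # Vulnerable form: a numeric parameter pasted into the SQL text.
    # Quote escaping has nothing to act on because no quotes are involved.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, user_id):
    # Hardened form: enforce the expected type, then bind the value so it
    # can never be parsed as SQL. int() raises ValueError on anything else.
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(user_id),))]

def stacked_rejected(db, user_id):
    # sqlite3's execute() refuses more than one statement, comparable to the
    # driver behaviour described in the message (assumption: SQLite stand-in).
    try:
        lookup_concat(db, user_id)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(stacked_rejected(db, "1; DELETE FROM users"))  # second statement refused
    print(lookup_concat(db, "1 OR 1=1"))                 # every row comes back
    print(lookup_bound(db, "1"))                         # only the requested row
```

In ColdFusion the bound form is written with the `cfqueryparam` tag inside `cfquery`.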