>>That's fine, until the attack pattern contains something else, like Unicode sequences.

Not from the same address though, because it is banned now.
And the purpose of my code is not to replace CFQUERYPARAM.
It is to add an extra feature that will not only protect the database, but ALSO
the whole site, because the guy won't be able to open any other page.

>>Figuring out what patterns to deny is a losing battle.

Look at what <CFQUERYPARAM CFSQLType = "CF_SQL_INTEGER"... does:
It triggers an error if the parameter is not an integer.
My code does exactly the same thing, PLUS it bans the intruder in case some
known attack pattern is detected.

-- 
_______________________________________
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.
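
An added illustration of the two checks debated in this message, not code from the poster or from ColdFusion: a strict integer allow-list (approximating in Python the "error if the parameter is not an integer" behaviour described for CF_SQL_INTEGER) run beside a deny-list of known patterns. The pattern list, function names and sample inputs are constructed assumptions.

```python
import re

# Constructed deny-list standing in for "known attack patterns" (hypothetical).
DENY_PATTERNS = [re.compile(p, re.IGNORECASE)
                 for p in (r"\bunion\b", r"\bselect\b", r"--", r";")]

# ASCII digits only: Python's int() and \d also accept Unicode digits
# such as fullwidth "\uff14\uff12", so [0-9] is spelled out explicitly.
ASCII_INT = re.compile(r"[+-]?[0-9]{1,10}")
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1


def is_strict_integer(value: str) -> bool:
    """Allow-list: accept only an ASCII integer that fits in 32 bits."""
    if ASCII_INT.fullmatch(value) is None:
        return False
    return INT32_MIN <= int(value) <= INT32_MAX


def deny_list_flags(value: str) -> bool:
    """Deny-list: flag the value only if a listed pattern appears in it."""
    return any(p.search(value) for p in DENY_PATTERNS)


def missed_by_deny_list(samples):
    """Inputs the type check rejects but the deny-list never notices."""
    return [s for s in samples
            if not is_strict_integer(s) and not deny_list_flags(s)]


# Constructed sample parameter values for a numeric "id" field.
SAMPLES = [
    "42",                                   # valid
    "-7",                                   # valid
    "42 UNION SELECT 1",                    # listed pattern
    "42 \uff35\uff2e\uff29\uff2f\uff2e 1",  # same word in fullwidth letters
    "\uff14\uff12",                         # fullwidth digits
    "4e2",                                  # not an integer literal
    "",                                     # empty
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "typed_ok=%s" % is_strict_integer(s),
              "deny_hit=%s" % deny_list_flags(s))
    print("rejected by type check only:", missed_by_deny_list(SAMPLES))
```

The type check rejects every non-integer value, while a ban keyed on the deny-list only triggers for the one sample whose pattern is on the list.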


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309378