i have been asked to look at a possible sql injection attack. as I look through the code I see stored procs being called by using cfquery like:
cfquery name="asdf" datasource="asdf" storedproc '#var1#', '#var2#' cfquery I've read about using cfstored procs and params to prevent attacks. I've read that using cfquery and doing inline queries can cause injection attacks but I wasn't sure about using cfquery and calling a stored proc through it. Can somebody please confirm? Thanks! Tim ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309477 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4