Whatever the length of the column in your DB.

Adrian

-----Original Message-----
From: Radek Valachovic [mailto:[EMAIL PROTECTED]
Sent: 24 July 2008 19:19
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...


What would you suggest for this kind of thing:

Select USERID
from users
where email = '#trim(arguments.email)#' and password =
'#trim(arguments.password)#'


Something like this?

Select USERID
from users
where email = <cfqueryparam value="#trim(arguments.email)#"
cfsqltype="CF_SQL_VARCHAR" maxlength="?"> and password = <cfqueryparam
value="#trim(arguments.password)#" cfsqltype="CF_SQL_VARCHAR" maxlength="?">

I put question marks for MAXLENGTH, as I am still thinking about whether I
should specify it for more security (but when guessing the length of emails,
someone can be rejected), or can it be without MAXLENGTH?

Radek
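
Added example, not written by either poster: the parameterized query from the message above with maxlength set to the column width, as the reply suggests. The column widths (254 and 64), the function name findUserId, the numeric USERID and the datasource variable variables.dsn are assumptions made for illustration.

```cfml
<!--- Added example. Assumed schema: users.email VARCHAR(254),
      users.password VARCHAR(64), users.USERID numeric.
      variables.dsn is a hypothetical datasource name set elsewhere. --->
<cffunction name="findUserId" access="public" returntype="numeric" output="false">
    <cfargument name="email" type="string" required="true">
    <cfargument name="password" type="string" required="true">

    <cfset var qUser = "">
    <cfset var cleanEmail = trim(arguments.email)>
    <cfset var cleanPassword = trim(arguments.password)>

    <!--- A value longer than the column can never equal a stored value,
          so refusing it here rejects no legitimate user. Checking first
          also avoids the error cfqueryparam raises when a value is
          longer than its maxlength. --->
    <cfif len(cleanEmail) GT 254 OR len(cleanPassword) GT 64>
        <cfreturn 0>
    </cfif>

    <cfquery name="qUser" datasource="#variables.dsn#">
        SELECT USERID
        FROM users
        WHERE email = <cfqueryparam value="#cleanEmail#"
                                    cfsqltype="CF_SQL_VARCHAR" maxlength="254">
          AND password = <cfqueryparam value="#cleanPassword#"
                                       cfsqltype="CF_SQL_VARCHAR" maxlength="64">
    </cfquery>

    <!--- The values are sent as bound parameters, so quotes or SQL
          keywords in the input are compared as data and are never
          parsed as part of the statement. --->
    <cfif qUser.recordCount EQ 1>
        <cfreturn qUser.USERID>
    </cfif>
    <cfreturn 0>
</cffunction>
```

The binding is what stops the injection; maxlength is an extra input check, so the query is still parameterized if it is left out.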


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309648