Your max length in this scenario should most likely be the size of the database column in question. If you use a varchar(50) to store your E-mail address, then you know that the only valid strings coming into this query are going to be 50 characters or less.
----- Original Message ----- From: "Radek Valachovic" <[EMAIL PROTECTED]> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Thursday, July 24, 2008 1:18 PM Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... > What would you suggest for this kind of thing: > > Select USERID > from users > where email = '#trim(arguments.email)#' and password = > '#trim(arguments.password)#' ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309649 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4