So if I won't use MAXLENGTH, is it still going to be secure? Thanks

On Thu, Jul 24, 2008 at 2:23 PM, Ben Forta <[EMAIL PROTECTED]> wrote:

> MAXLENGTH would typically be the maximum the underlying table allows or the
> maximum you want to accept. And MAXLENGTH is optional.
>
> --- Ben
>
>
> -----Original Message-----
> From: Radek Valachovic [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 24, 2008 2:19 PM
> To: CF-Talk
> Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...
>
> What would you suggest for this kind of thing:
>
> Select USERID
> from users
> where email = '#trim(arguments.email)#' and password =
> '#trim(arguments.password)#'
>
>
> Something like this?
>
> Select USERID
> from users
> where email = <cfqueryparam value="#trim(arguments.email)#"
>                             cfsqltype="CF_SQL_VARCHAR" maxlength="?">
>   and password = <cfqueryparam value="#trim(arguments.password)#"
>                                cfsqltype="CF_SQL_VARCHAR" maxlength="?">
>
> I put question marks in MAXLENGTH, still thinking whether I should specify it for
> more security (but guessing the length of emails, someone can be rejected) or
> can it be without MAXLENGTH?
>
> Radek
>
>
>
> >
> > Not using SELECT * is more of a "best practices" kind of thing.
> >
> > When you use it, you're potentially pulling more information than you need,
> > which is inefficient. Additionally, specifying all of the columns you're
> > pulling is more self-documenting.
> >
> > I'd much rather see:
> >
> > SELECT
> >     u.userName
> >     , u.userPhone
> >     , u.userEmail
> >     , u.userAddress
> > FROM
> >     Users u
> > WHERE
> > ....
> >
> > than
> >
> > SELECT * FROM Users
> >
> > With the former, I have a better idea of what I'm dealing with (without the
> > need to <cfdump> the query and see it).
> >
> >
> > --
> > A byte walks into a bar and orders a pint. Bartender asks him "What's
> > wrong?" Byte says "Parity error." Bartender nods and says "Yeah, I thought
> > you looked a bit off."
> >
> >
> >
>
>
>
> 

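The login query from the thread with the MAXLENGTH placeholders filled in, as an added example that is not code from the thread. The datasource name and the column widths (254 for email, 64 for password) are assumptions; the real values come from your users table definition.

```cfml
<!--- Added example, not from the thread. Assumed: datasource "myDSN",
      users.email is VARCHAR(254) and users.password is VARCHAR(64). --->
<cffunction name="findUserId" access="public" returntype="numeric" output="false">
    <cfargument name="email" type="string" required="true">
    <cfargument name="password" type="string" required="true">

    <cfset var qUser = "">
    <cfset var cleanEmail = trim(arguments.email)>
    <cfset var cleanPassword = trim(arguments.password)>

    <!--- Length check before the query: cfqueryparam with MAXLENGTH raises an
          error for a longer value (it does not truncate), so checking here
          lets the caller return a clean "bad credentials" result instead. --->
    <cfif len(cleanEmail) gt 254 or len(cleanPassword) gt 64>
        <cfreturn 0>
    </cfif>

    <!--- Both values are sent as bind parameters, separate from the SQL text,
          so input such as  ' OR 1=1 --  is compared as a literal string and is
          never parsed as SQL. MAXLENGTH only adds a length bound on top of that.
          (The thread compares the password column directly; a stored hash would
          be bound the same way.) --->
    <cfquery name="qUser" datasource="myDSN">
        SELECT USERID
        FROM users
        WHERE email = <cfqueryparam value="#cleanEmail#"
                                    cfsqltype="CF_SQL_VARCHAR" maxlength="254">
          AND password = <cfqueryparam value="#cleanPassword#"
                                       cfsqltype="CF_SQL_VARCHAR" maxlength="64">
    </cfquery>

    <cfif qUser.recordCount eq 1>
        <cfreturn qUser.USERID>
    <cfelse>
        <cfreturn 0>
    </cfif>
</cffunction>
```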

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309651