> I am currently using the SQLprev.cfm from Jochem to stop the onslaught of
> superfluous bandwidth suckage from my server, but was wondering what the
> difference would be with this one. I am not looking to start a "my SQL
> Injection blocker is better than yours", yet trying to educate myself on just
> what is going on and what is best to do.
My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt) just checks for basic SQL keywords with a semicolon in URL variables. It's a quick and dirty way to give you some protection from bots short-term while your code base is updated to use best practices and secure coding methods.

Mary Jo's is more thorough in that it checks additional variable scopes, and can help protect better against hand-drafted attacks, but may have a higher potential for false positives (though it's improved recently from what I can tell). SQLPrev has a version compatible with CF5 for those who need it, where the other script relies on CFMX functions to run.

I'm not saying one is better than the other; they both get the job done. Just use whatever works best for you, and update your code so that you don't need either of them <g>.

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311317
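As an added illustration (not the SQLPrev script itself, and not code from the thread), here is a Python approximation of the "SQL keyword plus semicolon in a URL variable" check Justin describes, next to the parameterized query that makes such a filter unnecessary. The keyword list, the `products` table and all sample query strings are assumptions constructed for this example.

```python
import re
import sqlite3
from urllib.parse import parse_qsl

# Assumed keyword list; the real SQLPrev list may differ.
SQL_KEYWORDS = ("select", "insert", "update", "delete", "drop", "declare", "exec", "union")
_KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def flag_url_variables(query_string: str) -> list[str]:
    """Return the names of URL variables whose value contains both a semicolon
    and a SQL keyword, i.e. the heuristic the thread describes. Note that
    ordinary English ("update notes; drop me a line") trips it (false positive),
    while a keyword without a semicolon does not (it is only a stopgap)."""
    flagged = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if ";" in value and _KEYWORD_RE.search(value):
            flagged.append(name)
    return flagged


def demo_conn() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real product catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id TEXT, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("1", "widget"), ("2", "gadget")])
    return conn


def lookup_product(conn: sqlite3.Connection, product_id: str) -> list[tuple]:
    """The 'update your code' half: the URL value is bound as a parameter
    (the equivalent of <cfqueryparam> in ColdFusion), so it is treated as data
    and never spliced into the SQL text, whatever characters it contains."""
    return conn.execute("SELECT name FROM products WHERE id = ?",
                        (product_id,)).fetchall()


if __name__ == "__main__":
    print(flag_url_variables("id=1&q=update+notes%3B+drop+me+a+line"))  # ['q']
    print(lookup_product(demo_conn(), "1"))                              # [('widget',)]
```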