As someone who was hit by the attack on the first day, I will say I've used cfqueryparam for years, and yet I had a handful of pages with old code where I was not using cfqueryparam. It just takes one page that's publicly accessible to do damage. Once I fixed the pages in question, try as they might, I have not been affected since.
Using cfqueryparam is a good habit to get into, to protect your sites and client sites. I was also running a forum program I purchased years ago, CFForum2000 I think, and all the code in that product was not using cfqueryparam either. I had to go through and edit the code throughout. It's possible their newer versions are using proper coding, but it was a bit of a pain, and really my own fault for not rechecking that code long ago.

Kelly

David Moore, Jr. wrote:
> When you say "Update Your Code", are you saying using <cfqueryparam>? But
> even so, the SQL injection still will use up countless resources instead of
> cutting it off early. So, go back and fix 1,000's of lines of code I have
> developed over the last 'upteen' years or stop it before it starts? Is this
> something new to CF8 or just a necessary evil because of SQL Injection
> Attacks?
>
> Not trying to pick a fight, because I am sure you have forgotten more code
> than I will ever know (seriously) and I am probably just being lazy
> (seriously), but is <cfqueryparam> something a lot of programmers really use?
> I have never seen <cfqueryparam> used on any tags I have purchased or
> exchanged and I am afraid all I know is what I have learned from books and
> forums. This is the first I have ever heard of using <cfqueryparam>.
>
> ~David G. Moore,

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311326
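
An added example, not part of the original thread or any poster's code: a small Python audit for the cleanup described above, listing `#...#` expressions that sit inside a `<cfquery>` body without being wrapped in `<cfqueryparam>`. The sample CFML, query names and column names are constructed; hits are candidates for review, since not every interpolated variable is user-controlled.

```python
import re

# Constructed sample: an old-style query and the same query using cfqueryparam.
SAMPLE_CFM = """\
<cfquery name="getThread" datasource="forum">
    SELECT title, body FROM threads
    WHERE thread_id = #url.id#
</cfquery>
<cfquery name="getThreadSafe" datasource="#application.dsn#">
    SELECT title, body FROM threads
    WHERE thread_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
"""

# Tag attributes, allowing '>' inside quoted values.
ATTRS = r"""(?:[^>"']|"[^"]*"|'[^']*')*"""
CFQUERY_RE = re.compile(r"<cfquery\b(" + ATTRS + r")>(.*?)</cfquery\s*>", re.I | re.S)
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b" + ATTRS + r">", re.I)
HASH_EXPR_RE = re.compile(r"#([^#\r\n]+)#")
NAME_RE = re.compile(r"""\bname\s*=\s*["']?([\w.]+)""", re.I)


def find_unparameterized(source):
    """Return (line, query_name, expression) for each #...# expression that
    sits in a <cfquery> body outside any <cfqueryparam> tag."""
    findings = []
    for query in CFQUERY_RE.finditer(source):
        attrs, body = query.group(1), query.group(2)
        name = NAME_RE.search(attrs)
        # Blank out cfqueryparam tags (keeping offsets) so bound values are skipped.
        unbound = CFQUERYPARAM_RE.sub(
            lambda tag: re.sub(r"[^\n]", " ", tag.group(0)), body)
        for expr in HASH_EXPR_RE.finditer(unbound):
            line = source.count("\n", 0, query.start(2) + expr.start()) + 1
            findings.append((line, name.group(1) if name else "?", expr.group(1)))
    return findings


if __name__ == "__main__":
    for line, name, expr in find_unparameterized(SAMPLE_CFM):
        print(f"line {line}: query '{name}' interpolates #{expr}# directly")
```

Run over a directory of `.cfm` files by reading each file and passing its text to `find_unparameterized`; an empty result for a file means every expression in its query bodies is bound through `<cfqueryparam>`.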