I hereby decree, in the name of all that doesn't suck, that from this day
forth this thread will be hereby named "The thread formally known as the SQL
injection attack on House of Fusion".

~G~


On Tue, Aug 26, 2008 at 4:46 PM, Andy Matthews <[EMAIL PROTECTED]> wrote:

> Can someone PLEASE change the title of this thread???
>
> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2008 3:01 PM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
>
> > It doesn't work with stored procedures (which shouldn't matter, 'cause
> > I think they are type-checked by the DB first
> > anyways)
>
> Well, not necessarily. As Mark pointed out when this thread started - it
> feels like it was long, long ago - if you're calling a stored procedure
> from CFQUERY you have to check your variables there too. If you're using
> CFSTOREDPROC, that builds a prepared statement that calls the stored
> procedure for you, and you don't have to worry about it.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta, Chicago,
> Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!
>
>
>
> 
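
The distinction drawn in the quoted reply (a stored procedure called from CFQUERY versus one called through CFSTOREDPROC), shown side by side as an added example that is not part of the original thread. The datasource `appDSN`, the procedure `getOrdersByCustomer`, the variable `URL.customerId` and the SQL Server style `EXEC` syntax are assumptions made for illustration.

```cfml
<!--- Added example. appDSN, getOrdersByCustomer and URL.customerId are hypothetical names. --->

<!--- Weak: the procedure is called from CFQUERY with the variable interpolated
      into the SQL text. The database parses whatever the request supplied as
      part of the statement, so the procedure's own parameter typing is applied
      too late to help. --->
<cfquery name="ordersUnsafe" datasource="appDSN">
    EXEC getOrdersByCustomer #URL.customerId#
</cfquery>

<!--- Corrected, still using CFQUERY: the value is passed as a typed bind
      parameter. CFQUERYPARAM validates it against cfsqltype before the
      statement is sent and raises an error if it is not an integer. --->
<cfquery name="ordersBound" datasource="appDSN">
    EXEC getOrdersByCustomer
        <cfqueryparam value="#URL.customerId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- CFSTOREDPROC: the tag builds the prepared call itself, and each
      CFPROCPARAM is bound with its declared type, so no SQL text is
      assembled from request data. --->
<cfstoredproc procedure="getOrdersByCustomer" datasource="appDSN">
    <cfprocparam type="in" cfsqltype="cf_sql_integer" value="#URL.customerId#">
    <cfprocresult name="ordersProc">
</cfstoredproc>
```

Typed binding protects only the call itself: a procedure that concatenates its parameters into dynamic SQL internally still has to be reviewed separately.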

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311644