On Tue, Aug 26, 2008 at 5:42 PM, Brad Wood wrote:
> That is, unless you concatenate SQL in your stored procedure.
>
> http://www.codersrevolution.com/index.cfm/2008/7/22/When-will-cfqueryparam-NOT-protect-me

Perfect example, thanks!

Yeah, dunno what I was thinking... parsing that stuff would be not un-hard. =]

Ah, yes, not impossible... but screw that idea. I'll stick to cleaning up simple queries and whatnot. :op

--
The scars of others should teach us caution.
St. Jerome

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311650