Hi Dave,

Thanks for the reply.

>Second, and more importantly, using raw data from the browser like
>that is a serious security vulnerability. Whenever you use unsafe data
>within a query, you should build a prepared statement using the
>CFQUERYPARAM tag:
>
>http://www.adobe.com/devnet/coldfusion/articles/cfqueryparam.html

Thanks for the link. I see that you authored this article. Very well laid out. 
I understand SQL Injection and why to use CFQUERYPARAM. What I did not see in 
the article was how to take a CFSET statement that builds a SQL String and put 
CFQUERYPARAMS into it and make it work.

Like:

<cfset theSQL = "SELECT queryName, title, content FROM content WHERE queryName 
= '<cfqueryparam cfsqltype="cf_sql_varchar" value="#URL.queryName#">'" >

How does one accomplish this?

Thanks!
-Jason
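The pattern asked about above does not work because `<cfqueryparam>` is a tag that only has meaning inside the body of a `<cfquery>`: a string assigned with `<cfset>` is never re-parsed as CFML, so the database would receive the characters `<cfqueryparam ...>` as literal SQL text while `#URL.queryName#` is still concatenated in unparameterised (the unescaped double quotes inside the double-quoted string would also fail to compile; CFML doubles them as `""`). The example below is added here and is not code from the thread or from the linked article. It assumes a table named `content` with the columns from the post and a datasource called `myDSN` (a placeholder name); it shows the string-building approach beside the working form, and a dynamic WHERE clause built with `<cfif>` inside the query body instead of string concatenation.

```cfml
<!--- Added example, not from the original thread.
      Assumed: table "content" (queryName, title, content), datasource "myDSN". --->

<!--- Does NOT work as a prepared statement: cfset only builds text.
      Any <cfqueryparam> written into the string is passed to the database
      as literal characters, and URL.queryName is interpolated unprotected. --->
<cfset theSQL = "SELECT queryName, title, content FROM content WHERE queryName = '#URL.queryName#'">
<!--- <cfquery name="bad" datasource="myDSN">#theSQL#</cfquery>   (vulnerable) --->

<!--- Works: the SQL lives in the cfquery body, so cfqueryparam is processed
      as a tag and the value is sent to the driver as a bind parameter. --->
<cfquery name="getContent" datasource="myDSN">
    SELECT queryName, title, content
    FROM   content
    WHERE  queryName = <cfqueryparam cfsqltype="cf_sql_varchar"
                                      value="#URL.queryName#"
                                      maxlength="50">
</cfquery>

<!--- "Dynamic" SQL without string concatenation: the conditions are chosen
      with cfif inside the query body, every user value still goes through
      cfqueryparam, and the shape of the statement never depends on input. --->
<cfquery name="searchContent" datasource="myDSN">
    SELECT queryName, title, content
    FROM   content
    WHERE  1 = 1
    <cfif structKeyExists(URL, "queryName") AND len(trim(URL.queryName))>
        AND queryName = <cfqueryparam cfsqltype="cf_sql_varchar"
                                      value="#trim(URL.queryName)#"
                                      maxlength="50">
    </cfif>
    <cfif structKeyExists(URL, "title") AND len(trim(URL.title))>
        AND title LIKE <cfqueryparam cfsqltype="cf_sql_varchar"
                                     value="%#trim(URL.title)#%">
    </cfif>
</cfquery>

<cfoutput query="getContent">#title#<br></cfoutput>
```

The `maxlength` attribute is optional but gives a second, cheap check on the length of the bound value; `cfsqltype` should match the column's type so the driver rejects values of the wrong kind rather than coercing them.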



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317688