Justin,
That is a great piece of code, thank you for publishing it.

I have a question about it.

In the process of it, you create a structure, use it, then delete that
structure.  If I am using an Application.cfc, would there be any benefit of
putting the structure into the application scope, then never deleting it?
If I did this and referred to this struct in your code, would this save on
overhead time, since I wouldn't need to recreate the structure every page
load?

Thanks,
William

-----Original Message-----
From: Justin Scott [mailto:jscott-li...@gravityfree.com] 
Sent: Friday, April 24, 2009 10:59 AM
To: cf-talk
Subject: RE: SQL Injection


> We have one site on our server that was built about
> 10 years ago. Today some bot is hitting the site and
> appending their content to the content already in the
> system. I can't figure out how or where they are
> getting in. Anyone have any ideas how I can stop this.

If you're sure it's SQL injection, start by implementing my basic protector
available at:
http://www.gravityfree.com/_SQLPrev.cfm.txt

Next, run this against your files to find queries where CFQUERYPARAM isn't
being used:
http://qpscanner.riaforge.org/

Finally, implement CFQUERYPARAM on your queries to protect them against
these attacks.  Rinse and repeat as necessary.


-Justin
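Steps two and three above (find the queries that interpolate user input, then bind the input with CFQUERYPARAM) side by side, as an added example that is not Justin's protector, qpscanner output, or anything from the original poster's site. The datasource `application.dsn`, the table `pages` with columns `id`, `title` and `body`, and the form fields `form.id` and `form.body` are assumed names for illustration:

```cfml
<!--- Added example. Assumed: datasource application.dsn, table pages
      (id, title, body), form fields form.id and form.body. --->

<!--- BEFORE: the pattern qpscanner flags. The raw form value is spliced
      into the statement text. ColdFusion doubles single quotes inside
      quoted string interpolations in cfquery, so '#form.body#' is partly
      protected, but the unquoted numeric #form.id# is not: a value that
      is not a number is executed as SQL rather than compared as an id. --->
<cfquery name="getPage" datasource="#application.dsn#">
    SELECT id, title, body
    FROM   pages
    WHERE  id = #form.id#
</cfquery>

<cfquery datasource="#application.dsn#">
    UPDATE pages
    SET    body = '#form.body#'
    WHERE  id = #form.id#
</cfquery>

<!--- AFTER: every user-supplied value is bound with cfqueryparam.
      cfsqltype makes ColdFusion check the value against the declared
      type before anything is sent (a non-numeric id throws), and the
      value travels as a bind parameter, never as statement text. --->
<cfquery name="getPage" datasource="#application.dsn#">
    SELECT id, title, body
    FROM   pages
    WHERE  id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfquery datasource="#application.dsn#">
    UPDATE pages
    SET    body = <cfqueryparam value="#form.body#" cfsqltype="cf_sql_longvarchar">
    WHERE  id   = <cfqueryparam value="#form.id#"   cfsqltype="cf_sql_integer">
</cfquery>
```

CFQUERYPARAM only binds values. Anything that must become part of the statement itself, such as a table name, a column in ORDER BY, or a sort direction taken from the request, cannot be parameterized and has to be matched against a fixed allow-list in CFML before it reaches the query.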


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321949