Hmmm, can you confirm for certain if the error is happening before or
after the proc gets called?  Can you provide us with a stack trace of
where the error happened?  Also, is this the null pointer error or are
you still having that permissions denied one you started the thread
with?

As far as the SQLi, you know your app best so we'll let you decide what
is safe.  I guess I would ask myself two main questions:

1) Where are the table, column, and "where clause" inputs originating
from?  The client, or the server?  Also, is there any way that cookie,
form, url, or cgi variables could affect them?
2) What happens when your user enters a string with a single quote in it
or an escaped quote?  SQL concatenation can be dangerous if not cleaned
properly.

Since you are on MySQL, here are some semi-random articles you might find
interesting:
http://www.codersrevolution.com/index.cfm/2008/7/13/Just-when-you-felt-safe-SQL-Injection-and-MySQL
http://www.codersrevolution.com/index.cfm/2008/8/17/Disabling-MySQLs-Backslash-Escaping-Per-Data-Source

~Brad
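The two questions above can be answered by running them. The script below is an added example, not code from either poster's application; it uses SQLite's in-process engine as a stand-in for the thread's MySQL server and a constructed `users` table with a hypothetical allow-list of table and column names. It contrasts the concatenation pattern Brad warns about (`WHERE col = '<value>'`) with the safe form: identifiers checked against a fixed list, because they cannot be bound as parameters, and the value bound as a parameter (the ColdFusion equivalent is cfqueryparam, or cfprocparam for a stored procedure call). One engine difference to keep in mind when reading the escaped-quote case: SQLite treats a backslash as an ordinary character, whereas MySQL by default treats `\'` as an escaped quote, which is why hand-rolled escaping that works on one server silently breaks on another.

```python
import sqlite3

# Constructed sample data, not from the thread.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "o'brien", "obrien@example.com"),
]

# Hypothetical allow-list.  Table and column names cannot be bound as
# query parameters, so if they can originate from the client (Brad's
# question 1) they must be checked against a fixed list like this one.
ALLOWED_TABLES = {"users": {"id", "name", "email"}}


def open_db():
    """In-memory SQLite database standing in for the MySQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, table, column, value):
    """Brad's question 2: the naive concatenation pattern.

    Returns the list of matching ids, or an 'error: ...' string when the
    user's quote character breaks the statement.
    """
    sql = f"SELECT id FROM {table} WHERE {column} = '{value}' ORDER BY id"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return f"error: {exc}"


def lookup_safe(conn, table, column, value):
    """Identifiers allow-listed, user value bound as a parameter."""
    if table not in ALLOWED_TABLES or column not in ALLOWED_TABLES[table]:
        raise ValueError(f"identifier not in allow-list: {table}.{column}")
    sql = f"SELECT id FROM {table} WHERE {column} = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (value,))]


def demo():
    """Run both forms against the inputs Brad asks about."""
    conn = open_db()
    cases = ["bob", "o'brien", "o\\'brien", "x' OR '1'='1"]
    results = {}
    for value in cases:
        results[value] = (
            lookup_concat(conn, "users", "name", value),
            lookup_safe(conn, "users", "name", value),
        )
    return results


if __name__ == "__main__":
    for value, (concat, safe) in demo().items():
        print(f"{value!r:20} concat={concat!r:45} safe={safe!r}")
```

The concatenated form returns a syntax error for a plain `o'brien`, while `x' OR '1'='1` turns a lookup for one user into a dump of every row; the parameterized form finds `o'brien` correctly and treats the injection string as just another name that matches nothing. Passing a table or column name that is not in the allow-list raises before any SQL is built.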

-------- Original Message --------
Subject: Re: ajaxCFC Access Denied
From: David Torres <djt...@yahoo.com>
Date: Thu, June 18, 2009 5:03 pm
To: cf-talk <cf-talk@houseoffusion.com>


Hello Brad,

To your questions:
The server uses MySQL. I wish I could use SQL Server. Here is the PROC.
DELIMITER $$

This is not a webservice, and even if it is, I don’t need to have
the output result. I was using it as a way to check my SQL.

There will be no way for hackers to do any SQL injections because the
way this works is that users type something in a text box and that will
be used as the value to be inserted in the DB e.g.

Finally, I did fail to mention last time: the CFfunction is the one
crashing. It doesn’t get to the SP yet.

I commented out the OUT cfprocparam because it was complaining there;
after I commented out that parameter, it started complaining about the
one above.



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323684