Ooops, yes. Though you can possibly get around that with "bob\' OR 1=1 --" which gets escaped to "bob\'' OR 1=1 --" and so still has the problem (since the \' is treated as a single char).
But yeah, with numeric values there's no quotes/escaping involved. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325502 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
