Fast question. Has anyone seen an injection attack that used a field other than an integer?
I've written a fast RegEx for use in Homesite (or any other regex using editor) that will find any query that has numeric 'looking' variables that are not in a cfqueryparam. While I have to change every variable not in a cfqueryparam, I'm trying to get the numerics first. Thanks -- Michael ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329638 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4