Michael,

Yes... Certain types of installations of MySQL are subject to character
injection attacks. 

http://www.coldfusionmuse.com/index.cfm/2008/2/22/sql-injection-on-a-character-field


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-----Original Message-----
From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] 
Sent: Wednesday, January 13, 2010 5:34 PM
To: cf-talk
Subject: Re: Recent SQL Injection attacks


Fast question. Has anyone seen an injection attack that used a field other
than an integer?

I've written a fast RegEx for use in Homesite (or any other regex using
editor) that will find any query that has numeric 'looking'
variables that are not in a cfqueryparam. While I have to change every
variable not in a cfqueryparam, I'm trying to get the numerics first.

Thanks

--
Michael
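As an added illustration of the audit Michael describes (not his Homesite regex, and not code from either poster), the script below scans CFML source for `<cfquery>` blocks and reports every `#variable#` interpolated into the SQL outside a `<cfqueryparam>`. Because Mark's point is that character fields are injectable too, it reports both the unquoted ("numeric-looking") and the quoted ("character") cases and lets you sort the numeric ones first. The sample CFML is constructed for the example; the regexes are a heuristic for review, not a parser: they do not follow variables built up outside the query, `##` escapes, or `<cfif>` branches inside the query.

```python
import re

# Constructed sample (not from the thread): q1 and q2 interpolate raw
# variables, q3 uses cfqueryparam for both the integer and the string.
SAMPLE_CFML = """
<cfquery name="q1" datasource="ds">
    SELECT * FROM users WHERE id = #url.id#
</cfquery>
<cfquery name="q2" datasource="ds">
    SELECT * FROM users WHERE name = '#form.name#'
</cfquery>
<cfquery name="q3" datasource="ds">
    SELECT * FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND name = <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar">
</cfquery>
"""

# <cfquery ...attrs...> body </cfquery>, case-insensitive, spanning lines
QUERY_RE = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.IGNORECASE | re.DOTALL)
# any cfqueryparam tag (self-closing or not); its value="#x#" is safe
PARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.IGNORECASE | re.DOTALL)
# '#var#' (quoted, character context) or #var# (unquoted, numeric context)
VAR_RE = re.compile(r"(')?#([^#\n]+)#(')?")
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"', re.IGNORECASE)


def find_unparameterized(cfml):
    """Return (line, query_name, variable, context) for each raw interpolation.

    context is "numeric" when the #var# is not wrapped in single quotes
    (typically an integer column) and "character" when it is.
    """
    findings = []
    for m in QUERY_RE.finditer(cfml):
        attrs, body = m.group(1), m.group(2)
        name_m = NAME_RE.search(attrs)
        qname = name_m.group(1) if name_m else "<unnamed>"
        # Blank out parameterised values so only raw interpolations remain.
        # Replacing with a single "?" keeps offsets before each tag intact.
        for v in VAR_RE.finditer(PARAM_RE.sub("?", body)):
            quoted = v.group(1) is not None and v.group(3) is not None
            # offsets shift after the first substitution, so locate the
            # variable text itself in the original body for the line number
            offset = m.start(2) + body.index("#" + v.group(2) + "#")
            line = cfml.count("\n", 0, offset) + 1
            findings.append((line, qname, v.group(2),
                             "character" if quoted else "numeric"))
    return findings


def numeric_first(findings):
    """Order findings so unquoted (numeric-looking) interpolations come first."""
    return sorted(findings, key=lambda f: (f[3] != "numeric", f[0]))


if __name__ == "__main__":
    for line, qname, var, ctx in numeric_first(find_unparameterized(SAMPLE_CFML)):
        print(f"line {line}: query {qname}: #{var}# ({ctx} context, no cfqueryparam)")
```

Run it against a file with `find_unparameterized(open(path).read())`; every finding is a place to wrap the value in `<cfqueryparam>` with the matching `cfsqltype`, the quoted ones just as much as the unquoted ones.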



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329639
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4