I have a site page that is only using the query below, and the site keeps
getting hit by SQL hacks. I have looked through every SQL query and all the
queries are using <cfqueryparam value="#URL.???#" cfsqltype="cf_sql_numeric">
so they can't be hacked.
Can someone explain how I can amend this query so it's not hackable?
<cfquery name="RS1" datasource="DS1">
SELECT FEEDBACK.ID, FEEDBACK.FEEDBACK, FEEDBACK.LEFT_BY, County.County,
County.ID
FROM FEEDBACK INNER JOIN
County ON (FEEDBACK.COUNTY = County.ID)
</cfquery>
Thanks
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331928
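
Added example, not part of the original post: one way to check the claim that every query uses cfqueryparam is to scan the templates for cfquery bodies that still contain raw #...# interpolation once the cfqueryparam tags are set aside. RS1 is the query from the post; RS2, RS3 and the variable names URL.county, FORM.left_by and URL.sort are constructed for illustration.

```python
import re

# Each <cfquery ...>...</cfquery> block (\b keeps <cfqueryparam> from matching).
CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.I | re.S)
# <cfqueryparam> binds its value as a parameter, so it is set aside first.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# Whatever #expr# is left gets concatenated into the SQL text itself.
INTERPOLATION = re.compile(r"#([^#\r\n]+)#")
NAME_ATTR = re.compile(r'name\s*=\s*"([^"]*)"', re.I)

def audit_cfml(source):
    """Return [(query name, [raw interpolated expressions])] per cfquery."""
    findings = []
    for attrs, body in CFQUERY.findall(source):
        match = NAME_ATTR.search(attrs)
        name = match.group(1) if match else "(unnamed)"
        body = CFQUERYPARAM.sub("", body)
        findings.append((name, [e.strip() for e in INTERPOLATION.findall(body)]))
    return findings

# RS1 is copied from the post; RS2 and RS3 are constructed sample input.
SAMPLE = '''
<cfquery name="RS1" datasource="DS1">
SELECT FEEDBACK.ID, FEEDBACK.FEEDBACK, FEEDBACK.LEFT_BY, County.County,
County.ID
FROM FEEDBACK INNER JOIN
County ON (FEEDBACK.COUNTY = County.ID)
</cfquery>
<cfquery name="RS2" datasource="DS1">
SELECT ID FROM FEEDBACK
WHERE COUNTY = <cfqueryparam value="#URL.county#" cfsqltype="cf_sql_numeric">
</cfquery>
<cfquery name="RS3" datasource="DS1">
SELECT ID FROM FEEDBACK WHERE LEFT_BY = '#FORM.left_by#'
ORDER BY #URL.sort#
</cfquery>
'''

if __name__ == "__main__":
    for name, raw in audit_cfml(SAMPLE):
        status = "raw interpolation: " + ", ".join(raw) if raw else "ok"
        print(f"{name}: {status}")
```

The posted query contains no variables at all, so it is reported as ok; only the constructed RS3 is flagged.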