I have a site page that is only using the query below and the site keeps getting hit by SQL hacks. I have looked through every SQL query and all the queries are using <cfqueryparam value="#URL.???#" cfsqltype="cf_sql_numeric"> so they cant be hacked.
Can someone explain how I can amend this query so its not hackable?? <cfquery name="RS1" datasource="DS1"> SELECT FEEDBACK.ID, FEEDBACK.FEEDBACK, FEEDBACK.LEFT_BY, County.County, County.ID FROM FEEDBACK INNER JOIN County ON (FEEDBACK.COUNTY = County.ID) </cfquery> Thanks ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331928 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm