Anthony Doherty wrote onĀ 2010-03-22:
> I have a site page that is only using the query below and the site keeps
> getting hit by SQL hacks. I have looked through every SQL query and all
> the queries are using <cfqueryparam value="#URL.???#"
> cfsqltype="cf_sql_numeric"> so they cant be hacked.
What makes you think that is susceptible to SQL injection attacks? To me it
looks safe, maybe you missed to paste something (there were no variables in
your query).
/H.
--
Hugo Ahlenius
-------------------------------------------------------------
Hugo Ahlenius E-Mail: hugo.ahlenius(at)nordpil.com
Phone: +46 75 7575284
Nordpil Fax: +46 8 6747020
http://nordpil.com Mobile: +46 733 467111
Skype: callto:hugo.ahlenius
vCard: http://nordpil.com/hugoahlenius.vcf
-------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331929
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
