Anthony Doherty wrote onĀ 2010-03-22:
> I have a site page that is only using the query below and the site keeps
> getting hit by SQL hacks.  I have looked through every SQL query and all
> the queries are using <cfqueryparam value="#URL.???#"
> cfsqltype="cf_sql_numeric"> so they cant be hacked.

What makes you think that is susceptible to SQL injection attacks? To me it 
looks safe, maybe you missed to paste something (there were no variables in 
your query).

/H.

--
Hugo Ahlenius

-------------------------------------------------------------
Hugo Ahlenius            E-Mail: hugo.ahlenius(at)nordpil.com
                         Phone:                +46 75 7575284
Nordpil                  Fax:                   +46 8 6747020
http://nordpil.com       Mobile:               +46 733 467111
                         Skype:          callto:hugo.ahlenius

       vCard:    http://nordpil.com/hugoahlenius.vcf
------------------------------------------------------------- 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331929
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Reply via email to