Anthony Doherty wrote onĀ 2010-03-22: > I have a site page that is only using the query below and the site keeps > getting hit by SQL hacks. I have looked through every SQL query and all > the queries are using <cfqueryparam value="#URL.???#" > cfsqltype="cf_sql_numeric"> so they cant be hacked.
What makes you think that is susceptible to SQL injection attacks? To me it looks safe, maybe you missed to paste something (there were no variables in your query). /H. -- Hugo Ahlenius ------------------------------------------------------------- Hugo Ahlenius E-Mail: hugo.ahlenius(at)nordpil.com Phone: +46 75 7575284 Nordpil Fax: +46 8 6747020 http://nordpil.com Mobile: +46 733 467111 Skype: callto:hugo.ahlenius vCard: http://nordpil.com/hugoahlenius.vcf ------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331929 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm