The query you wrote is not hackable via SQL injection. No changes need
to be made to it.

-Mike Chabot

On Mon, Mar 22, 2010 at 7:04 AM, Anthony Doherty
<a.dohe...@advancesystems.co.uk> wrote:
>
> I have a site page that is only using the query below and the site keeps 
> getting hit by SQL hacks.  I have looked through every SQL query and all the 
> queries are using <cfqueryparam value="#URL.???#" cfsqltype="cf_sql_numeric"> 
> so they can't be hacked.
>
> Can someone explain how I can amend this query so it's not hackable?
>
> <cfquery name="RS1" datasource="DS1">
> SELECT     FEEDBACK.ID, FEEDBACK.FEEDBACK, FEEDBACK.LEFT_BY, County.County, 
> County.ID
> FROM         FEEDBACK INNER JOIN
>                      County ON (FEEDBACK.COUNTY = County.ID)
> </cfquery>
>
> Thanks
>
> 
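
An added example, not code from either poster: a small Python audit that lists every CFML expression interpolated into the SQL text of a `<cfquery>` instead of being bound through `<cfqueryparam>`. RS1 is the query from the message above; RS2, RS3, `URL.county`, `URL.sort` and the function name `audit_cfqueries` are constructed for illustration.

```python
import re

# <cfquery ...> ... </cfquery>; group 1 = tag attributes, group 2 = SQL body.
CFQUERY = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.I | re.S)
# A bound parameter tag: its value="" attribute is sent as a bind value.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
NAME_ATTR = re.compile(r'\bname\s*=\s*"([^"]*)"', re.I)
# A CFML expression such as #URL.id#.
POUND_EXPR = re.compile(r"#([^#\r\n]+)#")

# Constructed sample template. RS1 is the static query from the thread;
# RS2 (bound) and RS3 (interpolated) are hypothetical.
SAMPLE = '''
<cfquery name="RS1" datasource="DS1">
SELECT FEEDBACK.ID, FEEDBACK.FEEDBACK, FEEDBACK.LEFT_BY, County.County, County.ID
FROM FEEDBACK INNER JOIN County ON (FEEDBACK.COUNTY = County.ID)
</cfquery>
<cfquery name="RS2" datasource="DS1">
SELECT ID FROM FEEDBACK
WHERE COUNTY = <cfqueryparam value="#URL.county#" cfsqltype="cf_sql_numeric">
</cfquery>
<cfquery name="RS3" datasource="DS1">
SELECT ID FROM FEEDBACK WHERE COUNTY = #URL.county# ORDER BY #URL.sort#
</cfquery>
'''

def audit_cfqueries(source):
    """Return (query name, [expressions interpolated into SQL text]) per cfquery."""
    findings = []
    for attrs, body in CFQUERY.findall(source):
        m = NAME_ATTR.search(attrs)
        name = m.group(1) if m else "(unnamed)"
        sql_text = CFQUERYPARAM.sub("?", body)  # bound values are not SQL text
        sql_text = sql_text.replace("##", "")   # "##" is an escaped literal pound sign
        exprs = [e.strip() for e in POUND_EXPR.findall(sql_text)]
        findings.append((name, exprs))
    return findings

if __name__ == "__main__":
    for name, exprs in audit_cfqueries(SAMPLE):
        status = "REVIEW: " + ", ".join(exprs) if exprs else "no interpolated variables"
        print(f"{name}: {status}")
```

A query that comes back with an empty list, like RS1, contains no request data in its SQL text; the audit only covers `<cfquery>` tags in the files it is given.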

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331939