> I would think there would be some way these functions would
> work to prevent passing invalid data to a cfsqlparam with type
> cf_sql_integer but I couldn't find a way that didn't allow something
> illegal through.

If I know a variable is supposed to be an integer (usually a primary
key), I will do:

<cfparam name="url.id" default="0">
<cfset url.id = abs(val(trim(url.id)))>

This will force the value to a positive integer or zero.  If you just
want to test the variable to see which search type should be
triggered:

<cfif abs(val(trim(url.id))) eq url.id>
   <!--- Is positive integer --->
<cfelse>
   <!--- Not so much --->
</cfif>

If people are entering values that could include dollar signs and
commas that need to be considered, a regex to remove non-numeric
characters (except perhaps a period) would probably be the better
choice, or at least a replaceList() to remove the commonly used but
undesired characters before passing it through a sanitizer.

At one point (years ago) Google was hitting pages and throwing very
large numbers into some integer URL variables which caused an
out-of-range error and I even added a min() function with the
resulting "sanitized" value and 2000000000 as the parameters to keep
the value in range, though I haven't seen that for a while, but
something to keep in mind if you see an error like that come up.


-Justin
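Added example, not from the post or from ColdFusion itself: a Python emulation of the abs(val(trim())) coercion, the cfif check and the min() cap described above, showing which inputs get silently coerced to a different id and which get rejected outright. The val() emulation (leading numeric prefix, otherwise 0) and the strictness of the check are assumptions.

```python
import re

# Assumption: CF val() returns the leading numeric portion of a string, or 0.
_LEADING_NUMBER = re.compile(r"^[+-]?[0-9]+(\.[0-9]+)?")
ID_CEILING = 2000000000      # the post's min() cap; SQL INTEGER max is 2147483647
SQL_INT_MAX = 2147483647


def cf_val(s: str) -> float:
    """Emulate ColdFusion val(): leading number of s, else 0."""
    m = _LEADING_NUMBER.match(s)
    return float(m.group(0)) if m else 0.0


def strip_currency(raw: str) -> str:
    """replaceList()-style removal of '$' and ',' before sanitising."""
    return raw.replace("$", "").replace(",", "")


def coerce_id(raw: str) -> int:
    """The post's pipeline: abs(val(trim(x))) capped with min(x, 2000000000).

    Always yields something safe to bind as cf_sql_integer, but garbage is
    silently turned into 0 or into its numeric prefix rather than rejected.
    """
    n = int(abs(cf_val(raw.strip())))
    return min(n, ID_CEILING)


def is_canonical_positive_int(raw: str) -> bool:
    """The <cfif abs(val(trim(url.id))) eq url.id> branch, made strict:
    accept only a trimmed string of ASCII digits that fits a signed 32-bit
    INTEGER, so '12abc', '-7' and out-of-range values all fall to <cfelse>.
    """
    t = raw.strip()
    return re.fullmatch(r"[0-9]+", t) is not None and int(t) <= SQL_INT_MAX


if __name__ == "__main__":
    # Constructed sample inputs, including the kinds of junk the post mentions.
    for sample in ["42", " -7 ", "12abc", "abc", "$1,250", "99999999999"]:
        cleaned = strip_currency(sample)
        print(f"{sample!r:>16} -> coerced {coerce_id(cleaned):>10}"
              f"  valid as sent: {is_canonical_positive_int(sample)}")
```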

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350780