Anyone who uses a URL variable in a SQL statement - even with cfqueryparam - is simply asking for trouble.
On Thu, Mar 7, 2013 at 1:18 PM, Russ Michaels <snake.li...@snakepit.net> wrote:
>
> Ok found an example for you.
>
> www.codersrevolution.com/index.cfm/2008/7/22/When-will-cfqueryparam-NOT-protect-me