>>Like querying malicious data and using it in another cfquery without cfqueryparam.
As an extra safety feature, if your application does not use multiSQL statements at all, and depending on the type of database engine used, you could also strictly deactivate the multi statement facility. If you're using an Access database, you don't even have to deactivate it: there is NO multi statement facility.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359560
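The following is an added example, not code from this thread. It uses Python's `sqlite3` module, whose `execute()` accepts only one statement per call, as a stand-in for a driver with no multi statement facility. It shows that this stops a stacked statement in stored data reused by a second query, but not an injection that stays inside one statement, which only a bound parameter (the role of cfqueryparam) stops. The table names and stored values are constructed for the illustration.

```python
import sqlite3

# Constructed sample values standing in for attacker-chosen text that an
# earlier, parameterized query stored verbatim.
IN_STATEMENT = "x' OR '1'='1"
STACKED = "x'; DELETE FROM accounts; --"


def make_db(stored_value):
    """Hypothetical schema: one profile row holding the stored value, plus accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, display_name TEXT)")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.execute("INSERT INTO profiles (display_name) VALUES (?)", (stored_value,))
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 200)])
    return db


def stored_name(db):
    """First query: read the previously stored value back out of the database."""
    return db.execute("SELECT display_name FROM profiles WHERE id = 1").fetchone()[0]


def lookup_concatenated(db):
    """Second query built by concatenation: trusts data because it came from the DB."""
    sql = "SELECT owner FROM accounts WHERE owner = '" + stored_name(db) + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db):
    """Second query with a bound parameter: the stored value is only ever data."""
    sql = "SELECT owner FROM accounts WHERE owner = ?"
    return db.execute(sql, (stored_name(db),)).fetchall()


def stacked_statement_rejected(db):
    """True if the driver refuses the concatenated query for holding two statements."""
    try:
        lookup_concatenated(db)
    except (sqlite3.Warning, sqlite3.ProgrammingError):  # type depends on Python version
        return True
    return False


if __name__ == "__main__":
    print("stacked rejected:", stacked_statement_rejected(make_db(STACKED)))
    db = make_db(IN_STATEMENT)
    print("concatenated:", lookup_concatenated(db))    # every account row comes back
    print("parameterized:", lookup_parameterized(db))  # no rows: value treated as data
```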