Bud:

One recommended fix is:

WHERE ID = #VAL(URL.ID)#

best,  paul

At 03:43 PM 6/6/01 -0400, you wrote:
> >Not necessarily true.  Let's say you have a cfm page called test.cfm that
> >receives an id via a url param and then selects data from it using select *
> >from <table> where id= #id#.  If I knew the name of one of your tables (or
> >guessed it). I could alter the url to read
> >test.cfm?id=16;%20DELETE%20FROM%20Customers
>
>Well, that's not very reassuring. LOL
>
>I'm gonna be fixing some pages here right quick. This seems to do the
>trick at the top of the page.
>
><CFIF isdefined('ID') and (ID contains "DELETE" or ID contains
>"Update")><CFLOCATION url="#home#" addtoken="no"></CFIF>
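
An added example, not part of the original thread: a complete test.cfm that applies the Val() fix recommended above and also binds the value with cfqueryparam as a second layer. The datasource name "myDSN" and the CustomerName column are assumptions; the Customers table name is taken from the quoted URL.

```cfml
<!--- test.cfm (added example).
      Assumed names: datasource "myDSN", column CustomerName. --->

<!--- Give URL.ID a default so the page does not throw when ?id= is missing. --->
<cfparam name="URL.ID" default="0">

<!--- Val() returns the number found at the start of the string, or 0 if the
      string does not begin with a number:
        "16"                         -> 16
        "16; DELETE FROM Customers"  -> 16   (trailing text is discarded)
        "abc"                        -> 0
      Int() drops any fractional part so only a whole number goes on. --->
<cfset safeID = Int(Val(URL.ID))>

<cfquery name="getCustomer" datasource="myDSN">
    SELECT *
    FROM Customers
    WHERE ID = <cfqueryparam value="#safeID#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- An ID of 0, or one that matches no row, simply produces no output. --->
<cfoutput query="getCustomer">
    #HTMLEditFormat(getCustomer.CustomerName)#<br>
</cfoutput>
```

With cfqueryparam the ID is sent to the database as a typed bind parameter rather than as part of the SQL text, so the statement stays the same whatever arrives in the URL.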

