That method only works for type="numeric" or type="boolean".


Pete Freitag ([EMAIL PROTECTED])
CFDEV.COM
ColdFusion Developers Resources
http://www.cfdev.com/

-----Original Message-----
From: John McCosker [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 15, 2001 6:16 AM
To: CF-Talk
Subject: RE: URL Hacks


--->Another thing you can do which isn't too painful to make a habit of, is use
--->the type attribute in <CFPARAM>

--->So if you have a query

--->SELECT * FROM images
--->where seldir=#url.seldir#
--->order by image_id

--->then you could precede it with :
---><cfparam name="url.seldir" type="numeric" default="0">

--->Then ColdFusion will throw an error if url.seldir isn't a number.

What if your url variable is a string dynamically outputted from a query?

-----Original Message-----
From: Rey Bango [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 14, 2001 4:11 AM
To: CF-Talk
Subject: Re: URL Hacks


Don,

I can sympathize man. Check out the CF_Scriptkill tag in the Allaire
developer's exchange. It should help out.

Rey Bango
Team Allaire...

----- Original Message -----
From: "Don Vawter" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, June 13, 2001 7:10 PM
Subject: URL Hacks


> Having recently suffered (not too much fortunately) through an attempt of a
> hacker to corrupt a database by embedding sql in url parameters I have put
> together a few tips on preventing these attacks from being successful. I
> realize that this is not new (I first heard of it at least 2 years ago) but
> sometimes a little reminder doesn't hurt because obviously the hackers are
> still out there.
>
> If anyone has any interest it is at: http://www.vawter.com/urlhack.cfm
>
> HTH
>
> Don Vawter
>
>
>
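
An added example, not part of any message in this thread: the numeric guard discussed above, plus one way to handle the string case that was asked about, by binding the value with <cfqueryparam> instead of interpolating it into the SQL text. The images table and the seldir column come from the thread; the datasource name imagesDSN, the caption column and the url.caption parameter are assumptions made for illustration.

```cfml
<!--- Added example. "imagesDSN", "caption" and url.caption are assumed names. --->

<!--- Numeric case from the thread: reject non-numeric input before any query runs. --->
<cftry>
    <cfparam name="url.seldir" type="numeric" default="0">
    <cfcatch type="any">
        <!--- Fail closed with a generic response; do not echo the rejected input. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfoutput>Invalid request.</cfoutput>
        <cfabort>
    </cfcatch>
</cftry>

<!--- The value is sent as a bound integer parameter, never as part of the SQL text.
      cfqueryparam also checks the value against the declared SQL type. --->
<cfquery name="getImages" datasource="imagesDSN">
    SELECT image_id, seldir
    FROM images
    WHERE seldir = <cfqueryparam value="#url.seldir#" cfsqltype="CF_SQL_INTEGER">
    ORDER BY image_id
</cfquery>

<!--- String case: there is no numeric check to lean on, so the value is bound
      as a VARCHAR parameter. Quotes, semicolons and SQL keywords inside it are
      treated as data. maxlength makes cfqueryparam throw on oversized input. --->
<cfparam name="url.caption" default="">

<cfquery name="getByCaption" datasource="imagesDSN">
    SELECT image_id, caption
    FROM images
    WHERE caption = <cfqueryparam value="#url.caption#"
                                  cfsqltype="CF_SQL_VARCHAR"
                                  maxlength="100">
    ORDER BY image_id
</cfquery>

<cfoutput>
    #getImages.recordCount# image(s) by directory,
    #getByCaption.recordCount# image(s) by caption.
</cfoutput>
```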