Val(URL.id) passes the value of the URL.id, unless it's non-numeric, in
which case it passes a zero.  Use like so:

WHERE ID = #Val(URL.id)#

-Cameron

--------------------
Cameron Childress
elliptIQ Inc.
p.770.460.1035.232
f.770.460.0963
--
http://www.neighborware.com
America's Leading Community Network Software





> -----Original Message-----
> From: Timothy Lynn [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 1:49 PM
> To: CF-Talk
> Subject: Re: URL Hack Fix??
>
>
> And on a related note.. What are the best ways to go about ensuring that
> the parameters passed are valid?
>
> Is a simple:
>
> <cfif IsDefined("URL.id") AND IsNumeric(URL.id)>
>     <!--- do the query --->
> <cfelse>
>     <!--- kick someone in the keister --->
> </cfif>
>
> sufficient, or are there more sinister things to look for? (This of
> course assumes passing simple numeric values, which seems pretty
> commonplace).
>
> -Tim
>
> ----- Original Message -----
> From: "S R" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Monday, August 13, 2001 12:43 PM
> Subject: URL Hack Fix??
>
>
> > another hack question. I've read Don Vawter's website on how to prevent this
> > type of attack. Someone told me at my work that there's an IIS patch that
> > prevents this. Is this true? I'm using IIS 4.0 and SQL 7.0 and SQL 2000 for
> > the backend. I want to go back and add these fixes to my CF pages, but if
> > there's a patch, I won't need to do it.
> >
> > Thanks
>
>
>
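
The checks discussed in this thread, side by side and followed by a bound query parameter, as an added example that is not part of the original messages. The datasource "myDSN", the table "items" and its columns, and the sample values are assumptions made up for illustration.

```cfml
<!--- Added example, not code from the thread. --->

<!--- 1. How each check treats constructed sample values.
      Val() keeps a leading number ("12abc" gives 12) and returns 0 otherwise.
      IsNumeric() accepts any number, including "1.5" and "-3".
      The regular expression accepts 1 to 9 digits and nothing else. --->
<cfset samples = "42,12abc,abc,1.5,-3">
<cfloop list="#samples#" index="s">
    <cfoutput>
        #HTMLEditFormat(s)#:
        Val=#Val(s)#,
        IsNumeric=#YesNoFormat(IsNumeric(s))#,
        digits only=#YesNoFormat(REFind("^[0-9]{1,9}$", s))#<br>
    </cfoutput>
</cfloop>

<!--- 2. Validate URL.id strictly, then bind it instead of concatenating. --->
<cfparam name="URL.id" default="">

<!--- Nine digits at most keeps the value inside the 32-bit integer range. --->
<cfif NOT REFind("^[0-9]{1,9}$", URL.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- cfqueryparam sends the value as a typed bind parameter, so it is
      never parsed as part of the SQL statement. --->
<cfquery name="getItem" datasource="myDSN">
    SELECT ID, title
    FROM items
    WHERE ID = <cfqueryparam value="#URL.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<cfoutput query="getItem">#HTMLEditFormat(title)#</cfoutput>
```
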