Egads, no - just specific values passed from one page to another, and then to a query.
I should mention that none of these attacks SUCCEEDED - don't want to get the vultures circling. But they generate a lot of errors and I can see a potential avenue of attack by that route. -----Original Message----- From: Mike Chambers [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 8:44 AM To: CF-Talk Subject: RE: Preventing SQL injection attacks...? can you give some more information? are you passing entire SQL queries from page to page? or is there just specific values that are passed between pages and then used by an existing SQL query? mike chambers [EMAIL PROTECTED] > -----Original Message----- > From: Ian Lurie [mailto:[EMAIL PROTECTED]] > Sent: Friday, April 12, 2002 11:30 AM > To: CF-Talk > Subject: RE: Preventing SQL injection attacks...? > > > That's what I thought. > > Man, you think you're an expert, and then some 13 year old > somewhere makes you feel like a punk again :) > > Is there a good paper on Macromedia.com about this? I read > some of the stuff but nothing seemed really on-point... > ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists