<cfparam type="date|numeric|string|boolean|UUID|..."> can be used for validating 
almost anything.  It's an underused function.

Sharon DiOrio

----- Original Message ----- 
From: "Justin Scott" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 12:30 PM
Subject: Re: Preventing SQL injection attacks...?


> > won't execute SQL, but only evaluate it as a string input.  So if you're
> > expecting numbers, then validate, using isNumeric() or CFQueryParam.
> 
> Or if you know a value must be numeric, wrap a val() around it.  That will
> knock any text strings down to 0 and prevent an SQL error from being thrown,
> as well as allow your app to handle the empty record set just as if any
> other invalid numeric value had been tossed at it.
> 
> -Justin Scott, Lead Developer
>  Sceiron Internet Services, Inc.
>  http://www.sceiron.com
> 
> 
> 
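The two checks discussed in this thread, combined in one request handler, as an added example that is not code from either poster. The URL parameter `url.id`, the datasource `appDSN`, and the `products` table with its columns are hypothetical names.

```cfml
<!--- Constructed example: url.id, appDSN, products, product_id and name
      are hypothetical names chosen for illustration. --->

<!--- 1. Type check up front. With no default attribute, cfparam throws
         if url.id is missing or is not a numeric value. --->
<cftry>
    <cfparam name="url.id" type="numeric">
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfoutput>Invalid id.</cfoutput>
        <cfabort>
    </cfcatch>
</cftry>

<!--- 2. Bind the value instead of concatenating it into the SQL text.
         The database receives it as a typed parameter, never as SQL. --->
<cfquery name="getProduct" datasource="appDSN">
    SELECT product_id, name
    FROM products
    WHERE product_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- 3. An unknown id is handled as an empty record set. --->
<cfif getProduct.recordCount EQ 0>
    <cfoutput>No such product.</cfoutput>
<cfelse>
    <cfoutput query="getProduct">#htmlEditFormat(name)#</cfoutput>
</cfif>

<!--- For comparison: val() never throws. It returns the number at the
      start of the string, so val("abc") is 0 and val("12abc") is 12. --->
```
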