<cfparam type="date|numeric|string|boolean|UUID|..."> can be used for validating almost anything. It's an underused function.
Sharon DiOrio

----- Original Message -----
From: "Justin Scott" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 12:30 PM
Subject: Re: Preventing SQL injection attacks...?

> > won't execute SQL, but only evaluate it as a string input. So if you're
> > expecting numbers, then validate, using isNumeric() or CFQueryParam.
>
> Or if you know a value must be numeric, wrap a val() around it. That will
> knock any text strings down to 0 and prevent an SQL error from being thrown,
> as well as allow your app to handle the empty record set just as if any
> other invalid numeric value had been tossed at it.
>
> -Justin Scott, Lead Developer
> Sceiron Internet Services, Inc.
> http://www.sceiron.com
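
The three checks mentioned in this thread (a typed cfparam, val(), and CFQueryParam) layered on one page, as an added example that is not part of the original messages. The datasource "shopDSN", the table "products" and its columns are assumed names.

```cfml
<!--- Added example. "shopDSN", "products", "product_id" and "name" are assumed names. --->

<!--- 1. Typed cfparam: if url.id is present it must pass the numeric check,
         otherwise cfparam throws; if it is absent the default is used. --->
<cftry>
    <cfparam name="url.id" type="numeric" default="0">
    <cfcatch type="any">
        <!--- Non-numeric input such as id=12abc ends here, before any SQL is built. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- 2. val() coerces instead of rejecting: it returns the leading numeric part
         of a string, or 0 when the string does not start with a number.
         int() then drops any fractional part so the value suits an integer key. --->
<cfset safeId = int(val(url.id))>

<!--- 3. cfqueryparam sends the value as a bound parameter, so the database
         receives it as data and never as part of the SQL text. It also checks
         the value against the declared cfsqltype. --->
<cfquery name="getProduct" datasource="shopDSN">
    SELECT product_id, name
    FROM products
    WHERE product_id = <cfqueryparam value="#safeId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- An id that was coerced to 0, or that matches no row, is handled like any
      other lookup that finds nothing. --->
<cfif getProduct.recordCount EQ 0>
    <cfoutput>No such product.</cfoutput>
<cfelse>
    <cfoutput>#htmlEditFormat(getProduct.name)#</cfoutput>
</cfif>
```

Steps 1 and 2 only constrain the value; step 3 is the one that keeps input out of the SQL statement, and it is also the only one of the three that applies to string columns.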