protection from sql attacks with regex++

2014-08-15 Thread Stephens, Larry V
Using information from a Ben Nadel article, jsStringFormat( htmlEditFormat()) seems to be catching insertions like b and escaping them. However, I have tried a number of regex routines from http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks plus

RE: protection from sql attacks with regex++

2014-08-15 Thread Robert Harrison
Uhm... cfqueryparam Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct   125 Kennedy Drive,  Suite 100   I  Hauppauge, NY 11788 T 631.231.6600 X 119   F 631.434.7022   http://www.austin-williams.com Blog:

Re: protection from sql attacks with regex++

2014-08-15 Thread Casey Dougall - Uber Website Solutions
Unless you were using evaluate (column) name inside another query somewhere I am not aware of how that could be used for an injection. On Aug 15, 2014 1:51 PM, Stephens, Larry V steph...@iu.edu wrote: Using information from a Ben Nadel article, jsStringFormat( htmlEditFormat()) seems to be

RE: protection from sql attacks with regex++

2014-08-15 Thread Stephens, Larry V
Doing that on everything. -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: Friday, August 15, 2014 1:54 PM To: cf-talk Subject: RE: protection from sql attacks with regex++ Uhm... cfqueryparam Robert Harrison Director of Interactive Services

Re: protection from sql attacks with regex++

2014-08-15 Thread Justin Scott
Doing that on everything. If you're parametrizing everything on the queries then what is the concern? -Justin