Nope, in this case it is just that simple, actually with a lot of CF
it's just simple, that's why we all love it after all! :-)
WHERE pa_name like
..:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 11, 2007 12:34 PM
To: CF-Talk
Subject: Re: How to protect this query?
I guess I'm a little uncle
> WHERE pa_name like
The percent signs aren't escaped? I thought they were and it wouldn't work.
I haven't tested this - let me check. Seems too simple, huh?
You should be able to straight up replace the part after like with a
cfqueryparam. Keep the percent signs in and everything.
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 11, 2007 11:22 AM
To: CF-Talk
Subject: How to protect this query?
I'm work
Just LIKE this, sorry could not resist:
WHERE pa_name like
I guess I'm a little unclear on how to use a "like" with cfqueryparam.
> I'd change the select * to a specific list of columns, and replace the
> '%... with a cfqueryparam as you well know.
>
>
> On 9/11/07, Les Mizzell <[EMAIL PROTECTED]> wrote:
>> I'm working my way through some legacy sites
I'd change the select * to a specific list of columns, and replace the
'%... with a cfqueryparam as you well know.
On 9/11/07, Les Mizzell <[EMAIL PROTECTED]> wrote:
> I'm working my way through some legacy sites that have queries that need
> a little securing from SQL injection attacks. Most of