> i will have to take your word for it since i have probably
> never used cfqueryparam, nor intend to. i personally always
> use stored procedures and i do all of my validation myself.
> if cfqueryparam works for you, then use it and god bless. i
> have been taught differently and personally i
Subject: RE: RE: RE: Preventing SQL injection attacks...?
> i will have to take your word for it since i have probably never
> used cfqueryparam, nor intend to. i personally always use stored
> procedures and i do all of my validation myself. if cfqueryparam
> works for you,
think i would
trust it.
Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 3:24 PM
To: CF-Talk
Subject: Re: RE: RE: Preventing SQL injection attacks...?
No, it won't.
It'll produce the SQL equivalent of:
select * from mytable where username = 'tony ''drop table tablename --'
- Original Message -
From: [EMAIL PROTECTED]
Date: Friday, April 12, 2002 11:46 am
Subject: RE: RE: Preventing SQL injection attacks...?
> still. if i had the valu