Re: cfqueryparam this.sql?

2010-05-27 Thread Matthew Lowrey
Oh wow! That's cool, I've used fckeditor for years! Love that extension.

>On Thu, May 27, 2010 at 5:17 PM, Matthew Lowrey wrote:
>
>They used to make Dreamweaver extensions for a few different things. A rich
>text editor like cftextarea or fckeditor and some other e-commerce related
>plug-ins

Re: cfqueryparam this.sql?

2010-05-27 Thread Casey Dougall
On Thu, May 27, 2010 at 5:17 PM, Matthew Lowrey wrote:
>
> Thanks everyone, I was pretty sure the answers you gave were totally
> expected. The code is some legacy code I or my boss is not sure is being
> used and what it's being used for. It's some third party code (according to
> the comment

Re: cfqueryparam this.sql?

2010-05-27 Thread Matthew Lowrey
Thanks everyone, I was pretty sure the answers you gave were totally expected. The code is some legacy code I or my boss is not sure is being used and what it's being used for. It's some third party code (according to the comments) Copyright InterAKT Online 2000-2005 tNG.cfc is the main file

Re: cfqueryparam this.sql?

2010-05-27 Thread Leigh
I am sure others will have a _lot_ more to say on the subject. But here is my $0.02

> can you put a cfqueryparam around the variable above?

No. Cfqueryparam is used for parameter _values_. It prevents whatever value you pass in from being executed as part of the parent sql statement. So

Re: cfqueryparam this.sql?

2010-05-27 Thread Dave Watts
> We have been working to secure our cfquery statements throughout our site
> using
> cfqueryparam and I have come upon the following format:
>
> password="#Request.password#">
>  #PreserveSingleQuotes(sql)#
>
> My question is, (and I'm pretty sure it's no, but had to ask anyway) can you
> p

Re: cfqueryparam this.sql?

2010-05-27 Thread Dave Watts
> You would need to put the cfqueryparam in the code that builds the sql
> variable.

Actually, that won't work. The only place you can use CFQUERYPARAM is within a CFQUERY tag.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Fig Leaf Software is a Veteran

Re: cfqueryparam this.sql?

2010-05-27 Thread Yuliang Ruan
Well, in that format there's no cfqueryparam SQL injection protection, 'cause you're accepting whatever's in the variable. Why do you have it that way? That's very bad performance because there's no execution plan caching, no query caching. cfqueryparams cannot exist outside of a cfquery

Re: cfqueryparam this.sql?

2010-05-27 Thread Maureen
You would need to put the cfqueryparam in the code that builds the sql variable. Also, username and password aren't required in the cfquery statement if they are defined in the datasource.

On Thu, May 27, 2010 at 12:49 PM, Matthew Lowrey wrote:
>
> We have been working to secure our cfquery sta

cfqueryparam this.sql?

2010-05-27 Thread Matthew Lowrey
We have been working to secure our cfquery statements throughout our site using cfqueryparam and I have come upon the following format: #PreserveSingleQuotes(sql)# My question is, (and I'm pretty sure it's no, but had to ask anyway) can you put a cfqueryparam around the variable above? If
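
The distinction drawn in the replies above (cfqueryparam binds parameter values only, and only inside a cfquery tag), shown as an added example that is not part of the original thread and is not the InterAKT code. The table, columns, form/url fields and `Request.dsn` are assumed names; the example also goes one step beyond the thread by handling an identifier (the ORDER BY column) with an allow-list, since identifiers cannot be bound.

```cfml
<!--- Added example. Table, column and variable names are hypothetical. --->

<!--- Legacy pattern from the question: the statement is assembled as a string
      elsewhere and executed verbatim, so request data becomes part of the SQL
      text and nothing is bound as a parameter. --->
<cfset sql = "SELECT id, email FROM users WHERE last_name = '#form.lastName#' ORDER BY #url.sort#">
<cfquery name="qLegacy" datasource="#Request.dsn#">
  #PreserveSingleQuotes(sql)#
</cfquery>

<!--- Hardened form: write the statement inside cfquery itself.
      Values are bound with cfqueryparam. Identifiers cannot be bound, so the
      sort column is picked from a fixed allow-list, never copied from the request. --->
<cfset allowedSort = "last_name,email,id">
<cfset sortCol = "last_name">
<cfif structKeyExists(url, "sort") AND listFindNoCase(allowedSort, url.sort)>
  <!--- Use the allow-list's own spelling of the column name. --->
  <cfset sortCol = listGetAt(allowedSort, listFindNoCase(allowedSort, url.sort))>
</cfif>

<cfquery name="qSafe" datasource="#Request.dsn#">
  SELECT id, email
  FROM users
  WHERE last_name = <cfqueryparam value="#form.lastName#" cfsqltype="cf_sql_varchar" maxlength="50">
  ORDER BY #sortCol#
</cfquery>
```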