
SQL Injection fix in the IN condition

by research_stuff <learnstuff1@[EMAIL PROTECTED] > Sep 22, 2007 at 09:12 PM

Hi,

I was researching ways to prevent SQL Injection.

I found where to use cfqueryparam. See below.

<cfquery ...>
SELECT *
FROM Customers
WHERE CustID=<cfqueryparam value="#URL.CustID#"
cfsqltype="CF_SQL_INTEGER">
</cfquery>

I can see the above if there is only one value in the Where statement
condition.
But I have a Where statement where there are multiple conditions in the
IN condition.

For example:

Where fieldname IN (#value1#, #value2#, etc..)


How can the cfqueryparam be used?


Thanks in Advance.
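
An added example, not part of the original post: cfqueryparam has a list attribute that binds each element of a delimited list as its own parameter, so it can be used inside IN (...). The URL.CustIDs parameter, the application.dsn datasource and the customers query name are assumptions made for illustration.

```cfml
<!--- Constructed input: a comma-delimited list of IDs, e.g. ?CustIDs=3,7,12 --->
<cfparam name="URL.CustIDs" default="">

<!--- Keep only integer elements so the CF_SQL_INTEGER binding never sees junk --->
<cfset idList = "">
<cfloop list="#URL.CustIDs#" index="item">
    <cfif isValid("integer", trim(item))>
        <cfset idList = listAppend(idList, trim(item))>
    </cfif>
</cfloop>

<cfif listLen(idList) EQ 0>
    <!--- An empty list would render "IN ()", which is a SQL syntax error,
          so return an empty result without querying --->
    <cfset customers = queryNew("CustID")>
<cfelse>
    <!--- application.dsn is a hypothetical datasource name --->
    <cfquery name="customers" datasource="#application.dsn#">
        SELECT *
        FROM Customers
        WHERE CustID IN (
            <!--- list="yes" turns "3,7,12" into three bound parameters (?,?,?)
                  rather than one string spliced into the SQL text --->
            <cfqueryparam value="#idList#"
                          cfsqltype="CF_SQL_INTEGER"
                          list="yes"
                          separator=",">
        )
    </cfquery>
</cfif>
```

When the values are held in separate variables rather than one list, each can be given its own cfqueryparam tag inside the parentheses, separated by commas.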
 



