Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.

July 22, 2008

For Goodness Sake, Use CFQUERYPARAM Already!

The use of <CFQUERYPARAM> to harden ColdFusion applications against SQL injection (with the side benefit of improved performance, since parameterized statements let the database reuse cached execution plans) has long been advocated. It works by sending request values to the database as typed bind parameters instead of splicing them into the SQL text, so user input can never alter the structure of the statement. But, judging by the number of sites that have been compromised by a recent spate of SQL injection attacks (which may in fact be targeting .cfm pages specifically), many have yet to apply this simple and effective change.

I've discussed this subject repeatedly over the years. But, it's critical enough that I want to highlight a post I made 2 1/2 years ago entitled SQL Injection Attacks, Easy To Prevent, But Apparently Still Ignored.
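To make the point concrete, here is an added example (my own, not code from the original post) of the pattern that gets sites compromised beside the CFQUERYPARAM version, plus the two places where people most often stop short: LIKE/IN clauses and ORDER BY. The datasource name "myDSN", the "courses" table with columns course_id and title, and the URL/FORM variables are all assumptions made up for the example.

```cfml
<!--- Added example, not from the original post. Datasource "myDSN", table "courses"
      (columns course_id, title) and the URL/FORM variables are assumptions. --->

<!--- BEFORE: the raw request value is concatenated into the SQL text.
      A constructed request such as ?course_id=1 OR 1=1 rewrites the WHERE clause,
      and a value containing a quote or semicolon can end the statement and start another. --->
<cfquery name="getCourseUnsafe" datasource="myDSN">
    SELECT course_id, title
    FROM courses
    WHERE course_id = #URL.course_id#
</cfquery>

<!--- AFTER: the value travels as a typed bind parameter and is never parsed as SQL.
      cf_sql_integer also rejects a non-numeric value before the query is sent. --->
<cfquery name="getCourse" datasource="myDSN">
    SELECT course_id, title
    FROM courses
    WHERE course_id = <cfqueryparam value="#URL.course_id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- LIKE and IN are no exception. Build the wildcard string in the value attribute,
      cap its length, and let list="true" expand a comma-separated list into one
      parameter per element. --->
<cfquery name="searchCourses" datasource="myDSN">
    SELECT course_id, title
    FROM courses
    WHERE title LIKE <cfqueryparam value="%#FORM.q#%" cfsqltype="cf_sql_varchar" maxlength="100">
      AND course_id IN (<cfqueryparam value="#FORM.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- CAVEAT: bind parameters carry values, not identifiers. A column name in ORDER BY
      cannot be parameterized, so check it against a whitelist and reject anything else. --->
<cfparam name="URL.sort" default="title">
<cfset allowedSort = "title,course_id">
<cfif NOT listFindNoCase(allowedSort, URL.sort)>
    <cfthrow message="Invalid sort column">
</cfif>
<cfquery name="sortedCourses" datasource="myDSN">
    SELECT course_id, title
    FROM courses
    ORDER BY #URL.sort#
</cfquery>
```

The first three queries cover the cases where CFQUERYPARAM alone is the fix; the last one shows the boundary of what it can do. Anything that is part of the statement structure (table or column names, sort direction, a whole clause) still has to be validated against a fixed list of known-good values, because there is no bind-parameter equivalent for it.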


Comments
As a wish list for the next version, I like the idea of a function version for cfqueryParam, but not the syntax mentioned above. I am lazy and like as little typing as possible. How about a series of functions, one for each type:
where course_id = #queryParam_i(course_id)#
where the type is in the name: _i is integer, etc. This would save 30 keystrokes with each use.
# Posted By Al | 10/15/09 4:54 PM

  © Copyright 1997-2009 Ben Forta, All Rights Reserved