August 31, 2009

Prevent sql injection attacks in Coldfusion

Posted in SQL Injection Attacks at 4:07 pm by borawlings

Ben Forta, my guru, has a fantastic article on the prevention of SQL Injection attacks. In case you don’t know what what a SQL Injection attack is, it is a very insidious code injection technique that allows someone to embed sql statements within your code.

I like to check my parameters before passing them to the database as suggested by Ben. Here’s an example that validates a paramater being passed by a URL:

<cfquery …>
SELECT *
FROM Customers
WHERE CustID=<cfqueryparam value=“#URL.CustID#” cfsqltype=“CF_SQL_INTEGER”>
</cfquery>

Rate this:

Like this:

Be the first to like this post.

Permalink

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

M	T	W	T	F	S	S
				Sep »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Bobbi Rawlings' Blog

August 31, 2009

Prevent sql injection attacks in Coldfusion

Rate this:

Like this:

Leave a Reply Cancel reply

Categories

Pages

Blogroll

Favorite Coldfusion Sites

Related Links

Calendar

Follow “Bobbi Rawlings' Blog”