SQL Injection

cfqueryparam / regular expression

by marcus 06/02/2010

Currently, I’m migrating a CF5/Win project to CFMX9/Linux. Apart from the usual path issues, whoever programmed this app yeeears ago did not protect *a single* form or URL variable inside CFQUERY against misuse or even SQL injection. Not one syntax check, no CFQUERYPARAM… *sigh*
