February 21, 2011
Question

cfqueryparam


I'm reading about securing a site from SQL injection, and cfqueryparam is often recommended.

Does this sound like a good way to start?

1. check every form element submitted for dangerous words and characters,
2. check to make sure those elements are the right type to match what is in the tables,
3. use cfqueryparams in the queries


Inspiring
February 21, 2011

cfqueryparam has many benefits and should always be used unless there is a reason not to. Validating user inputs to ensure that they meet your requirements is also a good idea which you should always do.

However, relying only on cfqueryparam for security is bad because it does nothing to protect you from script injection. Google "coldfusion xss protection" for more information on that.
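As an added illustration of the approach in the question and the reply (constructed example, not code from the original thread), the block below shows the string-concatenated query beside the cfqueryparam form, with the type and length validation the reply recommends, and output encoding for the script-injection point. It assumes a datasource named myDSN, a table users with columns id (integer) and username (varchar(50)), and form fields userId and username.

```cfml
<!--- Constructed example. Assumes datasource "myDSN", a table "users"
      with id (integer) and username (varchar(50)), and the form fields
      form.userId and form.username. --->

<!--- Vulnerable: the submitted value is pasted into the SQL text, so a
      value containing a quote character changes the statement itself. --->
<cfquery name="qBad" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE username = '#form.username#'
</cfquery>

<!--- Step 2 from the question: confirm each value has the type and size
      of the column it is compared against before it reaches the query.
      isValid() is a built-in CFML function. --->
<cfif NOT isValid("integer", form.userId) OR len(form.username) GT 50>
    <cfthrow message="Invalid input">
</cfif>

<!--- Step 3: cfqueryparam passes each value as a bound parameter, so it
      is data rather than SQL text. cfsqltype matches the column type and
      maxlength rejects oversized input at the query boundary. --->
<cfquery name="qGood" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
      AND username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- The reply's caveat: cfqueryparam does nothing for script injection.
      Encode values when they are written into HTML. encodeForHTML() is
      available from ColdFusion 10; older releases use HTMLEditFormat(). --->
<cfoutput>
    <cfloop query="qGood">
        <p>#encodeForHTML(qGood.username)#</p>
    </cfloop>
</cfoutput>
```

The validation step and cfqueryparam are complementary: the first rejects input that can never match the column, the second guarantees the value is bound rather than interpreted even when validation is incomplete.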