How to prevent SQL injection in coldfusion?

Question

I pass data with Form to cfm action file, the action file
have cfquery to communicate with database.

What is happen if I pass sql statement (for instance delete)
from form to action page?

Do I have to write special code to prevent SQL injection in
coldfusion?

Thanks

Mark

Newsgroup_User · Answer

mark416 wrote:> I pass data with Form to cfm action file, the actionfile have cfquery to > communicate with database.> > What is happen if I pass sql statement (for instancedelete) from form to > action page?> > Do I have to write special code to prevent SQL injectionin coldfusion?> > Thanks> > Mark> The basic building block of SQL injection prevention inColdFusion is <cfqueryparam...>.This tells the database that this value is a parameter willalways be a parameter and never ever contain code. So the database willnever execute anything contained in the parameter. Assuming thedatabase supports bind parameters, which most do.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded