CFQUERYPARAM - Can it work without throwing an error?

New Here, Mar 27, 2009
I am using CFQUERYPARAM with great success in application; my problem is all application errors are emailed to a queue that is closely watched by a supervisor. So unless I put a try/catch around every single query, I get an email whenever a hack attempt or badly formed variable is passed in a URL string to any page on the site. We are using the cferror tag (<cferror type="EXCEPTION"...) to catch errors thrown by ColdFusion. Any suggestions how I can make CFQUERYPARAM mismatches either not thrown or ignored by CFERROR?

1 Correct answer: LEGEND, Mar 27, 2009

Valorous Hero, Mar 27, 2009
You might have a look at what type of exception is thrown in these two cases (i.e. coldfusion.runtime.WrongSomethingException, etc.). Assuming they are not broad types like java.lang.Exception, you could modify your error handler to ignore them.

LEGEND, Mar 27, 2009
Originally posted by: sunshinerc
> I am using CFQUERYPARAM with great success in application; my problem is all application errors are emailed to a queue that is closely watched by a supervisor. So unless I put a try/catch around every single query, I get an email whenever a hack attempt or badly formed variable is passed in a URL string to any page on the site. We are using the cferror tag (<cferror type="EXCEPTION"...) to catch errors thrown by ColdFusion. Any suggestions how I can make CFQUERYPARAM mismatches either not thrown or ignored by CFERROR?

Validate all user inputs before they get to your cfquery tag.

LEGEND, Mar 28, 2009
> Validate all user inputs before they get to your cfquery tag.

Agreed: this would be the best approach. The data should be being checked
as much as possible - especially if it's from user input, malicious or
otherwise - before getting to the point of trying to put it in the DB.

--
Adam

Community Expert, Mar 29, 2009
> I get an email whenever a hack attempt or badly formed variable is passed in a URL string to any page on the site.

Count yourself lucky.

> We are using the cferror tag (<cferror type="EXCEPTION"...) to catch errors thrown by ColdFusion. Any suggestions how I can make CFQUERYPARAM mismatches either not thrown or ignored by CFERROR?

You mean you want to be oblivious to the fact that a hacker is chiseling away at your site?

Valorous Hero, Mar 30, 2009
sunshinerc wrote:
> my problem is all application errors are emailed to a queue that is closely watched by a supervisor

BKBK wrote:
> You mean you want to be oblivious to the fact that a hacker is chiseling away at your site?

It sounded as if they just did not want their supervisor to be emailed in those conditions, and would send them to an alternate address. Though the obvious lack of validation should be corrected as well.

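
An added example, not code from any poster in this thread, of the validate-first approach the replies recommend: malformed URL input is rejected and written to a separate log before it reaches `cfquery`, so no exception reaches the `cferror` mail queue while probing still leaves a record. The page name, the `url.id` parameter, the datasource `myDSN`, the `products` table and the log file name `badinput` are assumptions made for illustration.

```cfml
<!--- product.cfm (hypothetical page): check url.id before it reaches cfquery --->
<cfparam name="url.id" default="">

<!--- Accept 1 to 9 digits only, which always fits a 32-bit integer column.
      A strict pattern avoids values that look numeric but are not plain integers. --->
<cfif NOT reFind("^[0-9]{1,9}$", url.id)>
    <!--- Truncate and strip control characters so the rejected value
          cannot forge extra lines in the log. --->
    <cfset safeValue = reReplace(left(url.id, 100), "[[:cntrl:]]", " ", "all")>

    <!--- Rejected input goes to its own log file (assumed name: badinput)
          instead of raising an exception that cferror would email. --->
    <cflog file="badinput" type="warning"
           text="Rejected id from #cgi.remote_addr# on #cgi.script_name#: #safeValue#">

    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid request.</cfoutput>
    <cfabort>
</cfif>

<!--- cfqueryparam stays in place as the second layer. With the check above,
      a mismatch thrown here points to an application bug worth an email. --->
<cfquery name="getProduct" datasource="myDSN">
    SELECT id, name
    FROM   products
    WHERE  id = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.id#">
</cfquery>
```

The `badinput` log can then be reviewed or alerted on separately from the application-error mailbox.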