cfqueryparam

Guest
Feb 21, 2011

I'm reading about securing a site from sql injection and cfqueryparam is often recommended.

Does this sound like a good way to start?

1. check every form element submitted for dangerous words and characters,

2. check to make sure those elements are the right type to match what is in the tables,

3. use cfqueryparams in the queries

Feb 21, 2011

cfqueryparam has many benefits and should always be used unless there is a reason not to. Validating user inputs to ensure that they meet your requirements is also a good idea which you should always do.

However, relying only on cfqueryparam for security is bad because it does nothing to protect you from script injection. Google "coldfusion xss protection" for more information on that.

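An added example, not code from either poster, showing the three things the thread touches on: a lookup that pastes the raw form value into the SQL, the same lookup with a type check and cfqueryparam, and the value HTML-escaped on output because cfqueryparam does nothing against script injection. The datasource `myDSN`, the `users` table and the `form.userID` / `form.username` fields are assumed.

```cfml
<!--- Vulnerable: the submitted value becomes part of the SQL text --->
<cfquery name="getUserBad" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = #form.userID#
</cfquery>

<!--- Step 2 from the question: reject anything that is not the column's type --->
<cfif NOT isValid("integer", form.userID)>
    <cfthrow message="userID must be an integer">
</cfif>

<!--- Step 3: bind the value as a typed parameter; it is never parsed as SQL --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#form.userID#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- For string columns, cfsqltype plus maxlength caps what gets bound --->
<cfquery name="findUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<!--- cfqueryparam protects the query only: escape values when writing them into the page
      (HTMLEditFormat is the ColdFusion 9 era function; newer releases offer encodeForHTML) --->
<cfoutput query="getUser">
    <p>Welcome, #HTMLEditFormat(username)#</p>
</cfoutput>
```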