How do I protect my ColdFusion code from a SQL Injection?
The following article explains how to protect your ColdFusion code from SQL injection. The recent injection attacks seen against ColdFusion-coded sites take advantage of vulnerabilities in improperly coded pages, where user-supplied data is concatenated directly into the SQL text. These attacks can be mitigated by using cfqueryparam within your cfquery statements. This tag forces the input to be of a specified SQL type and passes it to the database as a bound parameter rather than as part of the SQL statement, which eliminates the possibility of a malicious user injecting SQL statements of their own.
To protect your CF code, use this tag for every value you pass into a query from dynamic data, such as a form field or a URL parameter.
<cfquery name="getRecord" datasource="myDSN">
    SELECT * FROM records
    WHERE id = <cfqueryparam value="#URL.data#" cfsqltype="cf_sql_integer">
</cfquery>
The above example takes the data value from the URL and verifies that it is an integer before the query is sent to the database. If it is not, ColdFusion will display an error message instead of running the query.
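The following is an added example, not code from the original article, showing the vulnerable pattern described above next to its hardened form, and extending the same technique to a string parameter and to a list used in an IN clause. The datasource name myDSN, the users table and its columns are assumptions chosen for illustration.

```cfml
<!--- Datasource and table names below are hypothetical, constructed for this example --->
<cfset dsn = "myDSN">

<!--- VULNERABLE ("before"): URL.id is concatenated straight into the SQL text,
      so any SQL an attacker places in the parameter becomes part of the query. --->
<cfquery name="getUserUnsafe" datasource="#dsn#">
    SELECT user_id, user_name
    FROM users
    WHERE user_id = #URL.id#
</cfquery>

<!--- HARDENED: the same query with the dynamic value bound through cfqueryparam.
      The value travels to the database as a typed bind variable, never as SQL text,
      and ColdFusion raises an error before the query runs if it is not an integer. --->
<cfquery name="getUser" datasource="#dsn#">
    SELECT user_id, user_name
    FROM users
    WHERE user_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input from a form field: cfsqltype plus maxlength bound both the type
      and the length of what reaches the database. --->
<cfquery name="findByName" datasource="#dsn#">
    SELECT user_id, user_name
    FROM users
    WHERE user_name = <cfqueryparam value="#FORM.user_name#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="50">
</cfquery>

<!--- A comma-separated list of ids for an IN clause: list="true" makes cfqueryparam
      bind each element as its own integer parameter instead of one string. --->
<cfquery name="getSeveral" datasource="#dsn#">
    SELECT user_id, user_name
    FROM users
    WHERE user_id IN (<cfqueryparam value="#URL.ids#"
                                    cfsqltype="cf_sql_integer"
                                    list="true">)
</cfquery>
```

Only the hardened queries belong in production code; the first block is included purely to show the pattern that cfqueryparam replaces. Note that cfqueryparam covers values in a WHERE, INSERT or UPDATE clause; it cannot parameterize identifiers such as table or column names or an ORDER BY column, so those must never come from user input unless they are checked against a fixed allow-list first.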
More details about cfqueryparam can be found here.
