Chapter 5.  Accessing Databases Using... >  Using the <CFQUERYPARAM> Tag

Using the <CFQUERYPARAM> Tag

Some database-management systems allow you to send multiple SQL statements in a single query. Certain security issues arise when you pass parameters in a query string. In many development environments, including ColdFusion, a dynamically built query lets an attacker append malicious SQL statements to the query you intended to run.

When you allow a parameter to be passed in from outside, such as through the URL, you need to ensure that only the expected information is passed. For example, the following ColdFusion query contains a WHERE clause, which selects those database entries that match the last name specified in the LName field of a form:
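As an added illustration (not the book's own query), here is a cfquery that splices the form's LName field straight into the SQL text, beside the same query rewritten with <cfqueryparam> so the value is bound as typed data instead of SQL. The datasource name, the Customers table and its column names are assumptions.

```cfml
<!--- Vulnerable form: the raw LName value becomes part of the SQL string that is
      sent to the database, so anything typed into the field is parsed as SQL.
      (Datasource "myDSN" and the Customers table are assumed for this example.) --->
<cfquery name="getCustomers" datasource="myDSN">
    SELECT FirstName, LastName
    FROM   Customers
    WHERE  LastName = '#Form.LName#'
</cfquery>

<!--- Hardened form: <cfqueryparam> passes LName as a bound parameter with a declared
      SQL type and maximum length. The database receives the statement and the value
      separately, so the value can never change the structure of the query, and
      input longer than maxlength or of the wrong type is rejected before execution. --->
<cfquery name="getCustomers" datasource="myDSN">
    SELECT FirstName, LastName
    FROM   Customers
    WHERE  LastName = <cfqueryparam value="#Form.LName#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="50">
</cfquery>
```

Use a cfsqltype that matches the column (for example cf_sql_integer for numeric keys) so that non-numeric input is rejected outright rather than reaching the database.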


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint