Tuesday, May 18, 2010

Please do not use the database examples for CFGRID!

Looking at the documentation for CFGRID today, I was reminded of something that really bugs me. If you look over some of the CFGRID examples, they build their queries with dynamic SQL, which is totally unsafe and vulnerable to SQL injection. If forum posts are any indication, that same code is being used in live applications (unfortunately). So in case you were tempted, do not be lazy and copy straight out of the examples. If you want safe SQL, you have to put in some work: parameterize every value, whitelist anything that cannot be parameterized (column names, sort direction), and validate the rest. Validate, scrub, lather, rinse, repeat.
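To make the point concrete, here is an added example (my own code, not taken from the Adobe docs or from any CFGRID sample) of a CFC that a grid could bind to, with the unsafe dynamic-SQL pattern shown commented out beside a hardened version. The datasource name `hr`, the `employees` table and the `getEmployees` function are assumptions for illustration. Values coming from the grid go through `cfqueryparam`; the sort column and direction cannot be parameterized, so they are mapped against a fixed whitelist instead of being dropped into the `ORDER BY`.

```cfml
<!--- employees.cfc: hypothetical bind target for a CFGRID (example code, not from the docs).
      Assumed grid tag in the calling page:
      <cfgrid name="emp" format="html" pagesize="10" sort="true"
              bind="cfc:employees.getEmployees({cfgridpage},{cfgridpagesize},
                    {cfgridsortcolumn},{cfgridsortdirection},{lastNameFilter})">
--->
<cfcomponent output="false">

  <cffunction name="getEmployees" access="remote" returntype="struct" output="false">
    <cfargument name="page" type="numeric" required="true">
    <cfargument name="pageSize" type="numeric" required="true">
    <cfargument name="gridsortcolumn" type="string" required="false" default="">
    <cfargument name="gridsortdirection" type="string" required="false" default="">
    <cfargument name="lastName" type="string" required="false" default="">

    <!--- var declarations first so they stay local to this call --->
    <cfset var q = "">
    <cfset var allowedColumns = structNew()>
    <cfset var sortColumn = "lastname">
    <cfset var sortDir = "ASC">

    <!--- UNSAFE pattern, shown only for contrast: every argument is interpolated
          straight into the SQL, so the filter, the sort column and the sort
          direction are all injection points.
    <cfquery name="q" datasource="hr">
      SELECT id, firstname, lastname
      FROM employees
      WHERE lastname LIKE '%#arguments.lastName#%'
      ORDER BY #arguments.gridsortcolumn# #arguments.gridsortdirection#
    </cfquery>
    --->

    <!--- Whitelist of column identifiers the grid is allowed to sort on.
          Keys are what the client may send; values are the real column names. --->
    <cfset allowedColumns["id"] = "id">
    <cfset allowedColumns["firstname"] = "firstname">
    <cfset allowedColumns["lastname"] = "lastname">

    <!--- Only a whitelisted key changes the sort column; anything else keeps the default. --->
    <cfif structKeyExists(allowedColumns, arguments.gridsortcolumn)>
      <cfset sortColumn = allowedColumns[arguments.gridsortcolumn]>
    </cfif>

    <!--- Direction is reduced to one of two fixed literals. --->
    <cfif ucase(trim(arguments.gridsortdirection)) EQ "DESC">
      <cfset sortDir = "DESC">
    </cfif>

    <!--- Hardened query: the user-supplied value is a bound parameter, and the
          identifiers in ORDER BY come from our own variables, never from the request. --->
    <cfquery name="q" datasource="hr">
      SELECT id, firstname, lastname
      FROM employees
      WHERE lastname LIKE <cfqueryparam value="%#arguments.lastName#%"
                                        cfsqltype="cf_sql_varchar" maxlength="102">
      ORDER BY #sortColumn# #sortDir#
    </cfquery>

    <!--- Built-in helper that slices the result into the page the grid asked for. --->
    <cfreturn queryConvertForGrid(q, arguments.page, arguments.pageSize)>
  </cffunction>

</cfcomponent>
```

The `cfargument` type checks already reject a non-numeric page or page size, and the `maxlength` on the parameter caps how much of the filter string reaches the database. The important habit is the split: data goes through `cfqueryparam`, identifiers go through a whitelist, and nothing from the request is ever concatenated into the statement text.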

