ColdFusion SQL Injection Attack Terror
October 22, 2007 12:24 PM
ColdFusion MX 7 and Microsoft SQL Server 2005. There are a lot of unvalidated parameters in our CFQUERYs. But I'm told that putting the parameters in single-quotes will prevent injection attacks, because of the way ColdFusion escapes single-quotes. Is this foolproof, or do I have to go in and validate everything with CFQUERYPARAM tags?
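
The two query styles the question contrasts, shown side by side as an added example that is not part of the original post. The datasource `appDSN`, the `users` table and the URL parameters `userId` and `lastName` are assumptions made for illustration.

```cfml
<!--- Added illustration. Assumed names: datasource "appDSN", table "users",
      URL parameters "userId" and "lastName". --->

<!--- Style 1: the value is interpolated into the SQL text inside single quotes.
      Safety rests entirely on ColdFusion doubling single quotes in variables
      output inside cfquery. That escaping is skipped wherever
      PreserveSingleQuotes() is used, and it does not apply to a value that is
      written without enclosing quotes (for example a numeric id), so every
      query has to be audited for both conditions. --->
<cfquery name="qQuoted" datasource="appDSN">
    SELECT id, last_name
    FROM users
    WHERE last_name = '#url.lastName#'
</cfquery>

<!--- Style 2: each value is passed as a bound parameter with a declared SQL type.
      The value travels separately from the SQL text, and cfqueryparam raises an
      error before the query runs if the value does not match cfsqltype
      (for example a non-integer userId) or exceeds maxlength. --->
<cfquery name="qBound" datasource="appDSN">
    SELECT id, last_name
    FROM users
    WHERE id = <cfqueryparam value="#url.userId#" cfsqltype="cf_sql_integer">
      AND last_name = <cfqueryparam value="#url.lastName#"
                                    cfsqltype="cf_sql_varchar"
                                    maxlength="50">
</cfquery>
```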