Poul L. Christiansen writes:
> I could of course verify the input and reject it if it wasn't a number,
> but I have almost 2000 different queries with all sorts of input (yes,
> it's a big app.).
>
> Can't I somehow disable multiple queries per SQL string so that ;
> doesn't work?
>
> I don't know if this affects PHP apps.
It's not ColdFusion specific. It affects all web applications, regardless
of development platform, that blindly plug form data into SQL queries
without checking it.
Brian
--
Brian Baquiran <brianb@edsamail.com>
http://www.baquiran.com/ AIM: bbaquiran
Work: +63(2)7182222 Home: +63(2) 9227123
I'm smarter than average. Therefore, average, to me, seems kind of stupid.
People weren't purposely being stupid. It just came naturally.
-- Bruce "Tog" Toganazzini
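
An added example, not part of the original messages: a Python `sqlite3` sketch of the question raised in this thread. `sqlite3`'s `execute()` already refuses more than one statement per string, yet a query built by concatenation still returns rows it should not, while checking that the value is a number and binding it as a parameter does not. The table, data, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT);
        INSERT INTO orders VALUES (1, 'alice', 'book'), (2, 'bob', 'lamp');
    """)
    return db

def lookup_concat(db, form_value):
    """Pattern from the thread: form data plugged straight into the SQL string."""
    sql = "SELECT id, owner, item FROM orders WHERE id = " + form_value
    try:
        return db.execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # execute() accepts one statement only, so "1; DELETE ..." stops here.
        # The exception class depends on the Python version.
        return "rejected"

def lookup_bound(db, form_value):
    """Check that the value is a number, then pass it as a bound parameter."""
    try:
        order_id = int(form_value)
    except ValueError:
        return []  # not a number: nothing is sent to the database
    sql = "SELECT id, owner, item FROM orders WHERE id = ?"
    return db.execute(sql, (order_id,)).fetchall()

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1; DELETE FROM orders", "1 OR 1=1"):
        print(repr(value), "concat:", lookup_concat(db, value),
              "| bound:", lookup_bound(db, value))
    print("rows still in table:", row_count(db))
```

Blocking `;` stops the second statement, but the `1 OR 1=1` input still changes the meaning of the single statement, which is why the fix belongs at the point where the query is built.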