SQL Injection Precautions in CF

**Limca** · 04-15-2006, 02:45 PM

Dear friends

I am interested to know precautionary measures in CF to prevent SQL Injection attacks, Kindly provide the required information.

Warm Regards.
Limca Guy

**Muhammad Haris** · 04-24-2006, 07:21 PM

Try to use clean codes and make sure you know a lot about SQL!

**techguru** · 04-25-2006, 11:06 AM

Here are few things I would do...

1. remove all embed sql statements... use stored procedures where ever possible..

2. have validations on all the fields and limit the lenght depending on the database tables.

3. keep range validator all the time on accepted values.

**Limca** · 04-25-2006, 12:09 PM

techguru

Thanks for the useful information regarding precautionary measures to prevent SQL Injection Attack. I will make sure to follow your recommended steps. I hope these will protect my code from unwarranted and malicious inputs.

Thanks again

**ashlee** · 04-26-2006, 01:54 AM

The precautions for sql injection in cold fusion are as under :

1. Limit use access.

2. Use function like stripquotes.

3. Remove culprit characters from sequences.

4. Use killchars function.

5. Limit the length of the user input.

6. Use Post instead of Get while submitting forms.

Hope so that would helpful..

Thanks
Ashlee

SQL Injection Precautions in CF

Thread Tools

Search Thread

SQL Injection Precautions in CF

hi

Share

Connect

Exforsys e-Newsletter

Subscribe and Get Free Bonus PDF Book

Network Security Risk Assessment and Measurement