Mastering CFQUERYPARAM

coldfusion If you haven't been using the cfqueryparam tag, chances are you had a baptism by fire this week. As you may have heard, lots of ColdFusion powered sites were targeted by hackers using SQL Injection this week.



Multiple Statements with MySQL and JDBC

databases Cameron Childress pointed out the allowMultiQueries setting in the MySQL JDBC driver on the CFGURU list. It is set to false by default to protect you from SQL Injection attacks.



Prepared Statements in PHP and MySQL

databases I'm working on a web security presentation, and I was curious to know if PHP supported prepared statements. It looks like as of PHP 5 they do support it with the new mysqli object (mysqli replaces the mysql class with support for mysql 4.



Save your self some typing

coldfusion If you want to save yourself some typing, note that cf_sql_varchar is the default value for the cfsqltype attribute in the cfqueryparam tag.

So you can omit the cfsqltype attribute if your type is cf_sql_varchar, at the expense of some readability.



6 Tags for ColdFusion beginners

coldfusion The ColdFusion Developers Journal has an article called: CF Six Pack by Greg Cerveny which lists 6 tags new developers should be using.

I pretty much agree with all the tags on the list, except for cfsetting; I think if you're a newbie, just enable whitespace suppression in the CF admin.

