I was just reading through this article on Adobe Devnet titled

Secure your ColdFusion application against SQL injection attacks, and I have a few issues with the article.

It occurred to me this morning that ScriptProtect can be a handy feature for globally catching a few forms of SQL Injection Attacks

WARNING - just like its inability to protect against all forms of XSS attacks this solution DOES NOT protect you from all SQL Injection attacks.

ColdFusion MX 7 has a new feature that lets you "lets you protect one or more variable scopes from cross site scripting (XSS) attacks". It can be turned on in the cfapplication tag using the scriptProtect attribute, or in the ColdFusion Administrator as a global setting.