Loving QueryParam Scanner
When the recent spate of SQL Injection attacks started hitting the ColdFusion community recently, I actually felt pretty safe. I thought to myself, "I have been using <cfqueryparam> for years. Every query that I have written since before I started working for myself has been safe from SQL injection attacks."
I have now released v0.7, which (amongst other things) adds an "ignore built-in functions" option which prevents false positives like #Val(...)# and similar.
Also, I think I made it display the queries by default now, so they are not hidden like before.
Those enhancements look great! If I were going to ask for any improvements, those would be the ones I would request.
Thanks for your hard work!
May I request one enhancement to it?
I wish there were a way to make it ignore the commented code.