Loving QueryParam Scanner

Posted At : September 18, 2008 7:30 AM | Posted By : Steve
Related Categories: ColdFusion

When the recent spat of SQL Injection attacks starting hitting the ColdFusion community recently, I actually felt pretty safe. I thought to myself, "I have been using <cfqueryparam> for years. Every query that I have written since before I started working for myself has been safe from SQL injection attacks."

Print |

Digg It! |

Linking Blogs | 3508 Views

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

[Add Comment]

Thanks Steve! :)

I have now released v0.7 which (amongst other things), adds an "ignore built-in functions" option which prevents false positives like #Val(...)# and similar.

Also, I think I made it display the queries by default now, so they are not hidden like before.

# Posted By Peter Boughton | 9/23/08 12:23 PM

Peter,

Those enhancements look great! If I were going to ask for any improvements, those would be the ones I would request.

Thanks for your hard work!

# Posted By Steve Bryant | 9/23/08 1:38 PM

The QueryParam scanner is a great tool.

May I request one enhancement to it?
I wish there were a way to make it ignore the commented code.

# Posted By Jalpesh Patel | 9/3/10 9:14 AM

[Add Comment]

Archives By Subject

Brownfield Development (1) [RSS]
CF_BlogPicks (50) [RSS]
CF_DMQuery (3) [RSS]
CFUG (9) [RSS]
CodeCop (7) [RSS]
ColdFusion (154) [RSS]
ColdFusion Builder (2) [RSS]
com.sebtools (45) [RSS]
CSS (21) [RSS]
DataMgr (83) [RSS]
Frameworks (13) [RSS]
Git (3) [RSS]
HTML (11) [RSS]
JavaScript (9) [RSS]
Layout Components (5) [RSS]
Mailer.cfc (9) [RSS]
Neptune (8) [RSS]
Neptune Programs (4) [RSS]
OO Principles (9) [RSS]
Page Controller (6) [RSS]
Personal (27) [RSS]
Productivity (14) [RSS]
Railo (2) [RSS]
RSS Reader (1) [RSS]
sebtags (19) [RSS]
SpamFilter (7) [RSS]
SQL (16) [RSS]
StarterCart (2) [RSS]
SVG (1) [RSS]
Testing (7) [RSS]
Usability (15) [RSS]
Web Servers (4) [RSS]
Windows (1) [RSS]

Badges

Calendar

Latest from MXNA

Feed temporarily down.

NAVIGATION

Blog Home
Site Home

Recent Entries

No recent entries.

Recent Comments

Pluralizing in ColdFusion
Steve Bryant said: James, Sorry I missed your comment earlier. I haven't compared to other libraries. I didn't even kn... [More]

Pluralizing in ColdFusion
James Moberg said: Have you compared the results with other libraries? I use an inflector CFC and I see that some of t... [More]

Git Branching Strategy for Web Development
Thomas said: Hi Steve, thanks a lot for this post. While considering Git Web Flow for our branching strategy, t... [More]

Getting Around Windows 7 "Destination Path Too Long" Error When Deleting Files
MxP said: The above robocopy command worked like a charm! I had a deeply nested folder structure that I wante... [More]

New Open Source ColdFusion Shopping Cart
Paul said: I gave up on this after all kinds of pathing issues. Couldn't be bothered tracing where to change th... [More]

RSS

Search

Subscribe

Enter your email address to subscribe to this blog.

Tags

cf_blogpicks coldfusion com.sebtools css datamgr frameworks html personal productivity sebtags sql usability

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.