rlewis4424
asked on
how to create a safe cfinsert tag using parameters
My database has recently been hit with an SQL injection. I've cleaned up the database, changed passwords, but need help figuring out how to change my cfinsert tags to use parameters, as well as my query tags.
Any other advice will be highly appreciated!!
<cfquery name="Update" datasource="Name_DB1">
UPDATE Admissions SET FName = '#form.Fname#' where RecNo = '#RecNo#'
</cfquery>
For the cfinsert, what I have is this:
<CFINSERT DATASOURCE="Name_DB1" TABLENAME="EmployeeTB"
FORMFIELDS="fname,lname">
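An added example, not part of the original question or of the accepted answer: the two statements above rewritten with cfqueryparam. Since cfinsert takes no cfqueryparam children, the insert is written out as an explicit cfquery. It assumes RecNo is an integer column submitted as form.RecNo and that fname/lname are varchar(50); adjust the types and lengths to the real schema.

```cfml
<!--- Added example. Assumptions (not from the original post): RecNo is an
      integer column and arrives as form.RecNo; fname/lname are varchar(50). --->

<!--- Reject the request before any SQL runs if a field is missing or mistyped --->
<cftry>
    <cfparam name="form.RecNo" type="integer">
    <cfparam name="form.fname" type="string">
    <cfparam name="form.lname" type="string">
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- UPDATE: each value is bound as a typed parameter, so input is treated
      as data and is never concatenated into the SQL text --->
<cfquery name="Update" datasource="Name_DB1">
    UPDATE Admissions
    SET FName = <cfqueryparam value="#form.fname#" cfsqltype="cf_sql_varchar" maxlength="50">
    WHERE RecNo = <cfqueryparam value="#form.RecNo#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- INSERT: explicit replacement for the cfinsert tag, same table and fields.
      Only the columns named here can be written, whatever the form submits. --->
<cfquery name="InsertEmployee" datasource="Name_DB1">
    INSERT INTO EmployeeTB (fname, lname)
    VALUES (
        <cfqueryparam value="#form.fname#" cfsqltype="cf_sql_varchar" maxlength="50">,
        <cfqueryparam value="#form.lname#" cfsqltype="cf_sql_varchar" maxlength="50">
    )
</cfquery>
```

Every variable is scoped (form.) so a URL parameter of the same name cannot stand in for the form field, and cfqueryparam throws if a value does not match its cfsqltype or exceeds maxlength.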