rlewis4424

asked on

how to create a safe cfinsert tag using parameters

My database has recently been hit with an SQL injection. I've cleaned up the database, changed passwords, but need help figuring out how to change my cfinsert tags to use parameters, as well as my query tags.
Any other advice will be highly appreciated!!  
<cfquery name="Update" datasource="Name_DB1">
    UPDATE Admissions SET FName = '#form.Fname#' where RecNo = '#RecNo#'
</cfquery>
 
For the cfinsert, what I have is this:
 
<CFINSERT DATASOURCE="Name_DB1" TABLENAME="EmployeeTB" 
FORMFIELDS="fname,lname">


ASKER CERTIFIED SOLUTION
SidFishes
rlewis4424

ASKER

Thanks so much!