Issue with portcullis.cfc (SQL injection)

Posted on 2009-04-24
Last Modified: 2013-12-20
Hi,

I am having an issue with the portcullis.cfc file, i.e., when I enter (select, delete or update) in the form,
i.e. in the input box, and then when I enter Submit, it is replacing the (select, delete or update) with
[INVALID], but it is submitting to the database and entering it with [INVALID]. Can you please tell me how to
stop this? Any help would be kindly appreciated.
You can download the open-source file from the link:
Question by: shariff_pasha
    LVL 15

    Assisted Solution

    Can you show me your query and how you are doing it?

    LVL 2

    Author Comment

    Hi randhawa, these are my adduser.cfm and application.cfm files; please take a look into that and please convert them to .cfm. My problem is that whenever a user enters sqlFilter, tagFilter and wordFilter (see portcullis.cfc) into the form, it converts them to [INVALID], but I want to redirect them to an error page whenever a user tries to do a SQL injection or XSS.
    LVL 2

    Accepted Solution

    Hi, I solved it myself by just redirecting when the text input has [INVALID].
    LVL 2

    Author Comment

    no reply from any experts
    LVL 2

    Author Comment

    no reply
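
The approach from the accepted solution (redirect when a submitted field contains [INVALID]), as an added example that is not the poster's code or part of Portcullis. It assumes Portcullis has already scanned the form scope; `error.cfm`, the `users` table, the field names and `application.dsn` are hypothetical.

```cfml
<!--- Added example: runs in adduser.cfm after Portcullis has scanned the form scope. --->
<!--- Marker text that Portcullis substitutes for filtered keywords, as described in the thread. --->
<cfset marker = "[INVALID]">
<cfset rejectedField = "">

<!--- Look at every simple form value; stop at the first field carrying the marker. --->
<cfloop collection="#form#" item="fieldName">
    <cfif isSimpleValue(form[fieldName]) and findNoCase(marker, form[fieldName])>
        <cfset rejectedField = fieldName>
        <cfbreak>
    </cfif>
</cfloop>

<cfif len(rejectedField)>
    <!--- Record which field was rejected (not its content), then leave the page. --->
    <cflog file="portcullis_reject" type="warning"
           text="Filtered input in field #rejectedField# from #cgi.remote_addr#">
    <!--- cflocation ends processing of this page, so the INSERT below never runs. --->
    <cflocation url="error.cfm" addtoken="false">
</cfif>

<!--- Only clean submissions reach the query. Values are bound with cfqueryparam,
      so they are sent as parameters and never become part of the SQL text. --->
<cfquery name="addUser" datasource="#application.dsn#">
    INSERT INTO users (first_name, last_name)
    VALUES (
        <cfqueryparam value="#form.firstName#" cfsqltype="cf_sql_varchar" maxlength="50">,
        <cfqueryparam value="#form.lastName#" cfsqltype="cf_sql_varchar" maxlength="50">
    )
</cfquery>
```

The marker check only decides where the user is sent; the bound parameters are what keep submitted text out of the SQL statement regardless of what the keyword filter catches.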
