Avoid SQL injection

Of late it has been found that sites are being hacked by passing malicious JS strings through the URL. You can avoid your database getting corrupted by using cfqueryparam in your SQL statements.

The following code snippets help you avoid such situations.

Paste this code into your application page.


<!--- Abort the request if "EXEC(" appears in the script name, path info or query string --->
<cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR cgi.QUERY_STRING contains "EXEC("><cfabort></cfif>

Another method:

<!--- find() is case-sensitive, so each spelling is checked separately; abort if script tags or angle brackets appear in the query string --->
<cfif find("script%", CGI.QUERY_STRING) gt 0 or find("Script%", CGI.QUERY_STRING) gt 0 or find("<", CGI.QUERY_STRING) gt 0 or find(">", CGI.QUERY_STRING) gt 0>No URL scripting is allowed - Aborting application!<cfabort></cfif>
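The two snippets above are blocklists: they only stop input that matches the listed strings, and because find() is case-sensitive every spelling has to be listed separately. The cfqueryparam recommendation at the top of the post does not depend on recognising bad input at all, so here is an added example (not code from the original post) showing the same lookup written the vulnerable way and with cfqueryparam. The datasource name "myDSN", the table "users" and its columns "id" and "username", and the URL parameters url.id and url.name are placeholders assumed for the example.

```cfml
<!--- Added example, not from the original post. Placeholders: datasource "myDSN",
      table "users" with columns "id" and "username", URL parameters url.id / url.name. --->

<!--- Vulnerable: url.id is concatenated straight into the SQL text, so a crafted
      value becomes part of the statement instead of being treated as data. --->
<cfquery name="getUserUnsafe" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- Safer: cfqueryparam sends the value as a bound parameter of a declared type.
      The database receives the SQL text and the value separately, so the value can
      never be parsed as SQL, and a non-integer value is rejected before the query runs. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Strings are bound the same way; maxlength bounds the accepted input length. --->
<cfquery name="findUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#url.name#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>
```

With the parameterised versions in place the URL filters become a secondary layer rather than the only thing standing between user input and the database.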