Preventing SQL Injection attacks and more in ColdFusion
Written by Lonnie

If you work at all with ColdFusion and databases then you’ve probably heard of SQL Injection attacks. If you are a CF Developer and still don’t know what this is, then drop whatever you’re doing and go look it up immediately! Why, you ask?

A nationally recognized hacking magazine recently published an in-depth article aimed at exposing security issues found in plenty of ColdFusion sites and servers on the Internet. The magazine is “Hacker Magazine” and the article can be found at http://www.0x000000.com/?i=610 - Attacking ColdFusion. One of the topics it covers is SQL injection. There are, of course, ways to avoid this common attack. CFQueryParam should already be in use in your database queries. If it is not, read one of these articles: Pete Freitag’s Mastering CFQueryParam or To CFQueryParam or not to CFQueryParam by Charlie Griefer.
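What using CFQueryParam looks like in practice, as an added example (not code from this post or from any of the linked articles). The datasource `appDSN`, the `users` table and its columns, and the URL parameter names are all hypothetical.

```cfml
<!--- Added example. Datasource, table, column and URL parameter names are hypothetical. --->

<!--- WEAK (kept inside a comment so it never runs): the URL value is pasted
      into the SQL text, so the database parses it as part of the statement.
<cfquery name="qWeak" datasource="appDSN">
    SELECT user_id, email FROM users WHERE user_id = #url.id#
</cfquery>
--->

<cfparam name="url.id" default="0">
<cfparam name="url.status" default="">
<cfparam name="url.roles" default="">
<cfparam name="url.sort" default="email">

<!--- cfqueryparam binds values, not identifiers, so a user-chosen sort column
      is mapped through an allow-list and only the list's own text reaches the SQL. --->
<cfset allowedSort = "email,created_on">
<cfset sortPos = listFindNoCase(allowedSort, url.sort)>
<cfif sortPos gt 0>
    <cfset sortCol = listGetAt(allowedSort, sortPos)>
<cfelse>
    <cfset sortCol = "email">
</cfif>

<cftry>
    <cfquery name="qUsers" datasource="appDSN">
        SELECT user_id, email, created_on
        FROM users
        WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
        <cfif len(url.status)>
            AND status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar" maxlength="20">
        </cfif>
        <cfif len(url.roles)>
            <!--- list="true" binds each comma-separated item as its own typed parameter. --->
            AND role_id IN (<cfqueryparam value="#url.roles#" cfsqltype="cf_sql_integer" list="true">)
        </cfif>
        ORDER BY #sortCol#
    </cfquery>
    <cfcatch type="any">
        <!--- cfqueryparam throws on a non-integer id or an over-long status before the
              statement reaches the database; this also catches database errors.
              Answer without echoing error details to the client. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

Every value that originates from the request goes through `cfqueryparam` with an explicit `cfsqltype`; the only variable written directly into the SQL text is `sortCol`, which can only hold one of the allow-listed column names.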

During a visit to the ColdFusion Developer’s Journal website today, I came across this excellent block of code included in a short article: How to prevent an SQL Injection attack. I thought our readers might get some really good mileage out of this code and chose to get this much needed post out of my system.

If you find this post (or any other on this site) helpful in any way please comment. I’d love to see how useful this is to our visitors!

