I want to keep my users from entering harmful HTML or SQL code. I thought of using one of the two solutions. I just want to know if these are efficient answers. The first one would have to be expanded, but the concept is there.
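Code:
<!--- Replace angle brackets with their HTML entities --->
<cfset thecomments = ReplaceList(form.comments, "<,>", "&lt;,&gt;")>
or
Code:
<!--- Remove every character that is not a letter or digit --->
<cfset thecomments = REReplaceNoCase(form.comments, '[^a-z0-9]', '', 'all')>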
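
An added example, not part of the original post: the two replacements from the post run on one sample string, next to ColdFusion's context-specific defenses, `cfqueryparam` for SQL and `EncodeForHTML()` for HTML output. The datasource `myDSN`, the table `comments` and its `body` column are assumptions, the sample input is constructed, and `EncodeForHTML()` requires ColdFusion 10 or later.

```cfml
<!--- Constructed sample input standing in for form.comments --->
<cfset sample = "Nice post <script>alert(1)</script>; O'Brien said 'hi' & left">

<!--- Approach 1 from the post: only angle brackets are escaped;
      quotes and ampersands pass through unchanged --->
<cfset escaped = ReplaceList(sample, "<,>", "&lt;,&gt;")>

<!--- Approach 2 from the post: everything except letters and digits is
      dropped, including spaces and ordinary punctuation --->
<cfset stripped = REReplaceNoCase(sample, "[^a-z0-9]", "", "all")>

<!--- SQL: bind the raw value as a parameter so the driver never parses it
      as SQL (myDSN, comments and body are assumed names) --->
<cfquery datasource="myDSN">
    INSERT INTO comments (body)
    VALUES (<cfqueryparam value="#sample#" cfsqltype="cf_sql_longvarchar">)
</cfquery>

<!--- HTML: encode at output time, for the HTML body context --->
<cfoutput>
    <p>Approach 1: #escaped#</p>
    <p>Approach 2: #stripped#</p>
    <p>Encoded on output: #EncodeForHTML(sample)#</p>
</cfoutput>
```

Storing the comment as typed and encoding it when it is displayed keeps the text readable while covering both the SQL and the HTML context.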