SQL injection How to stop it for CF code with an Access db

[newcow]

Hi,

I have read on the internet about SQL Interjections and I have gone about as far as I can in checking my coldfusion web application.

I have 3 public files, that the public can access with out being logged it.

I am wondering if there is any way to do sql interjections on the following three files?

http://www.carsinlondon.com/inventory.cfm

http://www.carsinlondon.com/p.cfm

http://www.carsinlondon.com/login.cfm

Or perhaps I should be asking what is the proper way to stop sql injection. My code is coldfusion and my db is access but I will be moving to mySQL or/and MS SQL soon.

newcow.

http://www.solutionswithservice.com

 

[zemp]

I don't know if this will help you with CF, but you can take a look at faq709-1526 for info on how to prevent SQL Injection with VB.

zemp

 

[zemp]

Sorry, not through VB but ADO.

zemp

 

[newcow]

Hi zemp,

Can you repost the link please, it seems to be bad.

newcow

http://www.solutionswithservice.com

 

[zemp]

Link seems to work fine. It should take you to a faq called 'Single-Quotes are causing problems!'. SQL injection is discussed about half way down.

The faq is about using ADO parameters instead of straight SQL.

faq709-1526

zemp