New and Improved, "SQL Injection Be Gone", FREE for ColdFusion Developers!

Are you tired of getting error messages like these in your email box?

Would you like to strangle the necks of those pesky hackers trying to inject their vile code into your database?

Are you a ColdFusion programmer or developer?

Then you're in luck! But you better act quick.

SQL Injection Be Gone! For an unlimited time only, simply pull out your bottle of CFQueryParam, spray, then watch as the hackers drop like flies.

And that's not all!

Act now and we'll throw in a bottle of VAL() functions at no extra charge! That's right, we said it folks, we're giving it away. Use it with your Form, URL or any other IDs in your WHERE clauses along with CFQueryParam, and VOILA! No more messy emails to deal with.

What about Stored Procedures you ask? No problem, we've got something for you too! A lifetime supply of CFProcParam will squash those vile evil-doers and leave them lying on the floor gasping for air.

So what are you waiting for? Call now! Operators are standing by.

(This offer is free and not limited to the first 200 people that apply. Use at your own risk. May cause dizziness, inflammation of the fingers and headaches if you have several hundred queries to maintain. If condition lasts for more than 2 weeks, please call a more experienced ColdFusion developer. Offer not valid where prohibited by overbearing managers. See the livedocs for more information. For emergencies, please visit Securing Database Access Using the CFQueryParam Tag or Learning Stored Procedure Basics in ColdFusion 8.)
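The combination the post describes, as an added example that is not part of the original post: a concatenated query next to its `val()` + `cfqueryparam` form, a bound string parameter, and a stored procedure call with `cfprocparam`. The datasource `myDSN`, the `articles` table and its columns, and the procedure `getArticleById` are hypothetical names.

```cfml
<!--- Added example. myDSN, articles, its columns and getArticleById are hypothetical. --->
<cfparam name="URL.id" default="0">
<cfparam name="FORM.author" default="">

<!--- BEFORE: URL.id is concatenated into the SQL text, so whatever the
      client sends in ?id= becomes part of the statement itself. --->
<cfquery name="qBefore" datasource="myDSN">
    SELECT article_id, title
    FROM   articles
    WHERE  article_id = #URL.id#
</cfquery>

<!--- AFTER: val() keeps only a leading number and returns 0 for anything
      else; cfqueryparam then sends the value as a typed bind variable,
      so it is never parsed as SQL. A value that does not fit the declared
      cfsqltype raises an error instead of reaching the database. --->
<cfset articleId = val(URL.id)>

<cfquery name="qAfter" datasource="myDSN">
    SELECT article_id, title
    FROM   articles
    WHERE  article_id = <cfqueryparam value="#articleId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input: val() does not apply here, so bind the value with a
      type and a length cap matching the column. --->
<cfquery name="qByAuthor" datasource="myDSN">
    SELECT article_id, title
    FROM   articles
    WHERE  author = <cfqueryparam value="#FORM.author#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- Stored procedure: cfprocparam plays the role cfqueryparam plays in cfquery. --->
<cfstoredproc procedure="getArticleById" datasource="myDSN">
    <cfprocparam type="in" cfsqltype="cf_sql_integer" value="#articleId#">
    <cfprocresult name="qProc">
</cfstoredproc>
```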

Comments

hehe. Funny :)
# Posted By Jeff Coughlin | 8/8/08 12:42 PM
Funny, but not true. If you get an error message in your email, it is likely because you already have a cfqueryparam. When you don't get the error messages, it means the hack was successful. :-)
# Posted By Tom | 8/8/08 2:29 PM
@Tom,
If someone is getting error messages via email, you're right, they _might_ be using cfqueryparam, but they would still want to rub a little val() or maybe even apply a little IsValid() on it ... don't you think?
# Posted By Stephen Withington | 8/8/08 2:52 PM
Stephen, excellent point. Never ever, ever, ever, cfquery without cfqueryparam. For the past two years I have been unable to type in a query variable without cfqueryparam. But wait, there's more - using cfqueryparam: "enables ColdFusion to use bind variables in the SQL statement. Bind variable usage enhances performance when executing a cfquery statement multiple times."
# Posted By Stefan le Roux | 8/9/08 11:07 PM

© 2024, Stephen J. Withington, Jr.

This work is licensed under a Creative Commons Attribution 3.0 Unported License.