Skip to content

mhenke/WebApper-ColdFusion-SQL-Injection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.project
.project
 
 
README.md
README.md
 
 
_parameterizeQueries.cfm
_parameterizeQueries.cfm
 
 

Repository files navigation

readme

Purpose

Seek out unparamaterized queries in ColdFusion templates and, at user's option, parameterize them.

Written by

Daryl Banttari dbanttari@gmail.com

Blog Post

http://www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection

Caveats

This will probably break some queries, especially if you do things like WHERE date > ‘#dateFormat(d)# #timeformat(d)#’ or WHERE NAME LIKE ‘#searchname#%’. USE WITH CAUTION! It’s best to test the changes before moving them into production. Remove the “.old” files once the site is confirmed as working well.

License

RELEASED TO THE PUBLIC DOMAIN. But feel free to credit Daryl Banttari with original authorship if you release it with modifications.

Git Workflow for Contributors

This project uses the excellent Git Workflow series by Bob Silverburg for contributions.

Dealing with line endings

Before contributing, please read this [http://help.github.com/dealing-with-lineendings/](http://help.github.com/dealing-with-lineendings/)

About

find and destrory un <cfqueryparam> queries

www.webapper.com/blog/index.php/2008/07/22/coldfusion-sql-injection

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages