Jul 31 2008
ColdFusion, Security, SQL
I have confirmed at least 16,000 individual cfquery tags which have been protected from SQL injection vulnerabilities by having cfqueryparam added to them. I am confident the actual number is much, much higher due to the small number of people who actually contacted me. I'd say it was a success, but it doesn't end here. If you are changing and adding to your code base you should always be checking for missing cfqueryparams. If you fixed up queries in your app and forgot to give me a count of how many database calls you secured, go ahead and let me know so I can add it to the total.
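As an added example (not part of the original post or any tool it mentions), here is a small Python checker for the "missing cfqueryparam" case described above: it reports cfquery blocks that interpolate a #variable# straight into the SQL text instead of binding it through cfqueryparam. The CFML it scans is constructed sample input, and the regex approach is a heuristic, not a full CFML parser.

```python
import re

# Constructed sample CFML for the demo (not from the original post):
# getUser is parameterized, getOrders interpolates a URL value straight into
# the SQL, listAll has no dynamic input at all (## is a literal hash in CFML).
SAMPLE_CFML = """
<cfquery name="getUser" datasource="app">
    SELECT id, name FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfquery name="getOrders" datasource="app">
    SELECT * FROM orders WHERE customer = '#url.customer#'
</cfquery>
<cfquery name="listAll" datasource="app">
    SELECT * FROM products WHERE sku LIKE 'A##%'
</cfquery>
"""

CFQUERY_RE = re.compile(r"<cfquery\b([^>]*)>(.*?)</cfquery>", re.IGNORECASE | re.DOTALL)
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.IGNORECASE)
NAME_RE = re.compile(r'\bname\s*=\s*"([^"]*)"', re.IGNORECASE)
INTERP_RE = re.compile(r"#[^#\n]+#")  # CFML variable interpolation, e.g. #url.id#


def find_unparameterized_queries(cfml):
    """Return [(query_name, [interpolations])] for every cfquery whose SQL
    text contains a #variable# outside of any cfqueryparam tag.
    Queries that bind all their input with cfqueryparam, or that have no
    dynamic input at all, are not reported."""
    findings = []
    for attrs, body in CFQUERY_RE.findall(cfml):
        name_match = NAME_RE.search(attrs)
        name = name_match.group(1) if name_match else "<unnamed>"
        # Drop cfqueryparam tags first: a #var# inside their value="" is the
        # safe, bound form and must not count as a finding.
        sql_only = CFQUERYPARAM_RE.sub("", body)
        # In CFML a doubled ## is a literal hash sign, not interpolation.
        sql_only = sql_only.replace("##", "")
        interps = INTERP_RE.findall(sql_only)
        if interps:
            findings.append((name, interps))
    return findings


if __name__ == "__main__":
    for name, interps in find_unparameterized_queries(SAMPLE_CFML):
        print(f"cfquery '{name}' interpolates {interps} without cfqueryparam")
```

Run it over each .cfm/.cfc file in a code base to get a first list of queries to review; a cfquery that passes this check can still be wrong (for example a cfqueryparam with an unsuitable cfsqltype), so treat a clean result as a starting point, not proof.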