Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QUERYPARAM_REQ message should reflect the cf tag version not the cf script version. #26

Closed
ryaneberly opened this issue Dec 5, 2014 · 2 comments
Closed

QUERYPARAM_REQ message should reflect the cf tag version not the cf script version. #26

ryaneberly opened this issue Dec 5, 2014 · 2 comments

Comments

@ryaneberly
Copy link
Contributor

QUERYPARAM_REQsetSql() statement should use .addParam() instead of #'s for security.

<cfquery name="outDocs" dbtype="query"> Select * From arguments.documents WHERE DocumentType = 'COLD' and TransactionType IN ('1','6') #orderBy# </cfquery>
@ryaneberly
Copy link
Contributor Author

Also this is a query of queries. The security issue around sql injection does not exist in query of queries.

ryaneberly added a commit that referenced this issue Jan 28, 2015
@ryaneberly
#26
4d4e809 
do not give CFQUERYPARAM_REQ message for QoQ
@ryaneberly
Copy link
Contributor Author

fixed message. and excluded rule for Query of Queries

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryaneberly