CFLib.org – Common Function Library Project

sqlSafe(string)

Last updated May 26, 2005

Author: Bryan Murphy

Version: 1 | Requires: ColdFusion 5 | Library: DatabaseLib

Description:
Cleans a provided string of characters that could potentially be used in a SQL injection attack, replacing them with unicode. From the September 2004 ColdFusion Developer's Journal.

Return Values:
Returns a string.

Example:

<cfset username = sqlSafe(form.username)>

Parameters:

Name     Description         Required
string   String to modify.   Yes

Full UDF Source:

<cfscript>
/**
* Cleans string of potential sql injection.
*
* @param string      String to modify. (Required)
* @return Returns a string.
* @author Bryan Murphy (bryan@guardianlogic.com)
* @version 1, May 26, 2005
*/

// CFLib lists this UDF as sqlSafe(), but the function itself is named metaguardSQLSafe;
// call it by this name or rename it to match the usage example above.
function metaguardSQLSafe(string) {
	// Comma-delimited list of the two patterns that get replaced: "-- " (dash, dash, space) and "'".
	var sqlList = "-- ,'";
	// The chr() calls build the HTML numeric character references "&#45;&#45; " and " &#39;"
	// (chr(38) = "&", chr(35) = "#", chr(59) = ";"). The list elements keep their surrounding spaces.
	var replacementList = "#chr(38)##chr(35)##chr(52)##chr(53)##chr(59)##chr(38)##chr(35)##chr(52)##chr(53)##chr(59)# , #chr(38)##chr(35)##chr(51)##chr(57)##chr(59)#";

	// replaceList() swaps each sqlList element for the replacementList element at the same position,
	// then trim() strips leading/trailing whitespace from the result.
	return trim(replaceList( string , sqlList , replacementList ));
}
</cfscript>
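To make the UDF's actual behaviour visible, here is a Python port of its replaceList() and trim() calls (an added example, not code from the page or its author). It assumes ColdFusion list semantics: elements keep their surrounding whitespace, empty elements are dropped, and replacements are applied one list element after another. Note that the substitutions are HTML numeric character references, so the output is HTML-encoded rather than SQL-escaped, and "--" is only rewritten when followed by a space; parameterized queries (cfqueryparam) remain the actual defence.

```python
import re

# Assumption: ColdFusion list elements are NOT trimmed, so the second
# replacement carries a leading space exactly as in the UDF's literal.
SQL_LIST = "-- ,'"                      # patterns the UDF replaces
REPLACEMENT_LIST = "&#45;&#45; , &#39;"  # what the chr() calls spell out


def cf_list(value: str, delimiters: str = ",") -> list[str]:
    """Split like a ColdFusion list: keep whitespace, drop empty elements."""
    return [e for e in re.split("[" + re.escape(delimiters) + "]", value) if e != ""]


def replace_list(text: str, list1: str, list2: str) -> str:
    """Emulate ReplaceList(): element i of list1 becomes element i of list2.

    Replacements run left to right, one element at a time (assumption about
    Adobe ColdFusion's sequential behaviour); for this UDF the order does not
    matter because neither replacement contains the other pattern.
    """
    for old, new in zip(cf_list(list1), cf_list(list2)):
        text = text.replace(old, new)
    return text


def sql_safe(value: str) -> str:
    """Emulate metaguardSQLSafe(): ReplaceList() followed by Trim()."""
    return replace_list(value, SQL_LIST, REPLACEMENT_LIST).strip()


if __name__ == "__main__":
    # Constructed sample inputs showing what the UDF does and does not change.
    for sample in ["O'Brien", "Smith -- note", "--nospace", "  padded  "]:
        print(repr(sample), "->", repr(sql_safe(sample)))
```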


Created by Raymond Camden / Design by Justin Johnson