Comments on: CFTextMate - Which Version Do I Download? http://www.cftextmate.com/2008/12/17/cftextmate-which-version-do-i-download/ ColdFusion meets Textmate, a developers dream come true Wed, 08 Sep 2010 02:09:54 +0000 http://wordpress.org/?v=2.6.5 By: rob http://www.cftextmate.com/2008/12/17/cftextmate-which-version-do-i-download/#comment-25594 rob Tue, 27 Jan 2009 05:24:23 +0000 http://www.cftextmate.com/?p=22#comment-25594 Thanks Chris, that's actually bill though not me :-), and I think it was just for demo purposes not actually running anywhere. However, you can never be too careful. Thanks for pointing it out Thanks Chris, that’s actually bill though not me :-), and I think it was just for demo purposes not actually running anywhere.

However, you can never be too careful. Thanks for pointing it out

]]> By: Chris http://www.cftextmate.com/2008/12/17/cftextmate-which-version-do-i-download/#comment-25593 Chris Tue, 27 Jan 2009 04:59:48 +0000 http://www.cftextmate.com/?p=22#comment-25593 Hi Rob, I tried to email but the contact link doesn't work. Just wanted to let you know that you've got a SQL injection vulnerability in your demo: http://cftextmate.com/coldfusion-textmate-screencast-1.html "select email from newsletter where email = '#trim(form.email)#'" If someone puts a string with ' in it for their email, it'll break your SQL and they can do nasty things. You should be using to get around this. It's also faster. Hi Rob,

I tried to email but the contact link doesn’t work.

Just wanted to let you know that you’ve got a SQL injection vulnerability in your demo:

http://cftextmate.com/coldfusion-textmate-screencast-1.html

“select email from newsletter where email = ‘#trim(form.email)#’”

If someone puts a string with ‘ in it for their email, it’ll break your SQL and they can do nasty things.

You should be using to get around this. It’s also faster.

]]>