Fixed potential SQL exploit
aaron.otaku@gmail.com committed Feb 7, 2011
1 parent 7be8aa6 commit d156faf
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion content/2-Community/articles.cfm
@@ -58,6 +58,7 @@
</cfquery>
<cfset url.story = #ThisStory.id#>
<cfelse>
<cfset url.story = int(url.story)>
<cfquery name="ThisStory" datasource="#DSN#">
SELECT *
FROM cms_news
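Review bot: The added `<cfset url.story = int(url.story)>` makes the fix depend on a cast that sits apart from the queries it protects, and in CFML `int()` throws on a non-numeric value, so a malformed `story` parameter becomes an unhandled error page unless something outside this hunk catches it. I would bind the value where it is used instead, with `<cfqueryparam value="#url.story#" cfsqltype="cf_sql_integer">` in the `cms_news` query, and validate up front (for example with `isNumeric(url.story)`) so bad input gets a controlled response. If the cast stays, add a comment saying that the later queries rely on it.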
@@ -105,7 +106,8 @@
SELECT *
FROM cms_comments
WHERE story = #url.story#
ORDER BY id ASC
ORDER BY id DESC
LIMIT 25
</cfquery>

<div class="boxContent">
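Review bot: `WHERE story = #url.story#` is still interpolated straight into the SQL text, so this query is only safe as long as the `int()` cast near line 58 runs first on every path that reaches it. Replace the interpolation with `<cfqueryparam value="#url.story#" cfsqltype="cf_sql_integer">` so the query is safe on its own. Separately, the switch from `ORDER BY id ASC` to `ORDER BY id DESC` plus `LIMIT 25` is a behaviour change that the commit message does not mention: stories with more than 25 comments will now show only the newest 25, with no paging visible here. That belongs in its own commit or at least in the message.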
