Sunday, August 17, 2008

SQL Injection Fix for ColdFusion

This is some code I modified from Ray Berry. It also checks the length (LEN) of the query string: if you legitimately pass long values through your query string, either stop doing that or raise the 60-character limit in the code below.

Put this code in your Application.cfm, so it runs before every request:

" or #cgi.query_string# contains "<" or #cgi.query_string# contains "char(40)" or #cgi.query_string# contains "char(41)" or #cgi.query_string# contains "char(60)" or #cgi.query_string# contains "char(62)" or #cgi.query_string# contains "char(37)" or #cgi.query_string# contains "char(91)" or #cgi.query_string# contains "char(93)" or #cgi.query_string# contains "char(94)" or #cgi.query_string# contains "]" or #cgi.query_string# contains "[" or #cgi.query_string# contains "^" or #cgi.query_string# contains "CAST" or #cgi.query_string# contains "DECLARE" or #cgi.query_string# contains "DEFINE" or #cgi.query_string# contains "EXEC" or #cgi.query_string# contains "@" OR len(cgi.querystring) GT 60>

" or #form.CFID# contains "<" or #form.CFID# contains "char(40)" or #form.CFID# contains "char(41)" or #form.CFID# contains "char(60)" or #form.CFID# contains "char(62)" or #form.CFID# contains "char(37)" or #form.CFID# contains "char(91)" or #form.CFID# contains "char(93)" or #form.CFID# contains "char(94)" or #form.CFID# contains "%" or #form.CFID# contains "]" or #form.CFID# contains "[" or #form.CFID# contains "^")>

" or #form.CFTOKEN# contains "<" or #form.CFTOKEN# contains "char(40)" or #form.CFTOKEN# contains "char(41)" or #form.CFTOKEN# contains "char(60)" or #form.CFTOKEN# contains "char(62)" or #form.CFTOKEN# contains "char(37)" or #form.CFTOKEN# contains "char(91)" or #form.CFTOKEN# contains "char(93)" or #form.CFTOKEN# contains "char(94)" or #form.CFTOKEN# contains "%" or #form.CFTOKEN# contains "]" or #form.CFTOKEN# contains "[" or #form.CFTOKEN# contains "^")>

#errorcode#
Your actions have triggered a message to the adminstrator.
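The filter above is a blacklist: it only rejects requests that contain the listed tokens, and because cgi.query_string is the raw URL-encoded string it only sees the unencoded form of them; form fields other than CFID and CFTOKEN are not inspected at all. The defense that holds regardless of what a request contains is to bind every user-supplied value into the query with <cfqueryparam>, so the database never parses it as SQL. The following is an added example, not code from the original post or from Ray Berry; the datasource "myDSN", the table "users" and the url.id / form.username fields are assumed names.

```cfml
<!--- Added example: the same lookup written with string concatenation
      (injectable) and with <cfqueryparam> (parameterized).
      Datasource "myDSN", table "users" and the request fields are assumed. --->

<!--- Vulnerable: url.id is pasted straight into the SQL text. Anything the
      Application.cfm blacklist does not list, or any URL-encoded variant,
      reaches this statement unchanged. --->
<cfquery name="getUserUnsafe" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- Hardened: the value is sent to the driver as a typed bind parameter and
      is never part of the statement text. cfsqltype="cf_sql_integer" also
      rejects non-numeric input before the query is executed. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String inputs get the same treatment; maxlength bounds the input size
      in the one place it matters instead of limiting the whole query string. --->
<cfquery name="getUserByName" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>
```

With every <cfquery> parameterized this way, the blacklist in Application.cfm becomes an optional early-warning layer rather than the thing standing between the request and the database.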
