pete_freitag wrote
You can avoid the risk of SQL Injection by sanitizing the variable, for example something like this:
<cfparam name="empid" type="regex" pattern="^[a-zA-Z0-9]+$" default="0">
Thanks, this looks like something I can try and see if Veracode lowers the severity to low.
Much appreciated. I'll update here once I have scan results.