There are dozens of different ways to be a victim of an SQL injection attack. This article offers a more example-driven approach to learning about SQL injection and how to avoid it.
cfqueryparam in order by, group by, etc
I've seen quite a few posts on this; many come to the same conclusion that using a (possibly lengthy) switch statement is the best way…