Two days ago security bulletin from Adobe indicated that Dreamweaver "server behaviors" that generate query code will leave you vulnerable to SQL injection attacks. It went on to say that the sky is blue, politicians are dishonest and Michael Jackson is a little odd. This is not news to anyone save Adobe. Using a wizard to generate query code is, at best, only a starting point. Server behaviors have been around for years and they have always generated lousy query code. Scrub the variables you pass to the query or use Cfqueryparam. I would add that the "work-around" example is pretty poor as well. Rather than detail it, I will refer you to Dave Carabetta's excellent blog article on the subject. The bulletin indicates upgrading to DW 8.02 will "fix" the problem. I have a feeling it will generate more code in need of a rewrite. Don't they have any actual CF programmers writing these behaviors?