Sorcerer's Isle

Open Source tools for software development

QueryParam Scanner

QueryParam Scanner (qpScanner) is a tool designed to identify possible SQL injection risks in CFML queries.

Licence: GPL v3
Latest Stable: v0.7.5, 8 January 2013
Latest Preview: rc0.8, 29 June 2013 (announcement)
Requirements: CF v9 or above, Railo v3 or above, Lucee v4.5 or above (for CF8, CFMX7 and OpenBD support, use v0.7.3)

Eclipse Plugin

If you use an Eclipse-based IDE, there is a plugin which connects to a qpScanner instance and uses it to scan selected files and/or directories.

The plugin also enables you to configure default and per-project settings.

It is available as a JAR download.


The current release of qpScanner has the following features:

If there are other features you would like, please raise them using the GitHub issue tracker.