I am looking for a tool that will go through my coldfusion code and add cfqueryparam's where needed. I found many that will scan and show me where I need to make changes but I found one at http://www.webapper.com/blog/index.php/2008/7/22/ColdFusion-SQL-Injection which is pretty close to what I was looking for. But it doesn't add the cfsqltype (or maxlength) and I was wondering if this still prevents sql injection without cfsqltype? And if it is required (I know it is technically optional) do you know of another tool that will do this? I also read that it is also important to make sure that any variables in the order by clause are parameterized also, which this tool doesn't check for.
I am thinking of buckling down and changing the code from http://www.webapper.com/blog/index.php/2008/7/22/ColdFusion-SQL-Injection to do all this, but I thought it would be wise to ask first.