Errors In Database Driven Websites

While clicking on a poorly formed link to an article on HIPAA privacy enforcement (it's interesting .. but I'll let you go there and read it .. no comment from me for today) .. I stumbled on this error when I reached the site (as you will if you click on the heading above).

So what?  It reveals a security flaw that has been well known by coldfusion programmers for years.  As this Allaire Security Update from 2/99 suggests .. URL variables should not be use as variables in SQL statements directly.  Let's hope someone tells the programmers at Health Data Management that their database is vulnerable!