@Zackster beat me to it, and succinctly, while I was writing my "wall of text" here. I'll still share it since I do offer a couple more ideas and resources that may help.
I assume, @purdue512, that your error handling is catching an error as thrown when cfqueryparam protects you from sql injection, which is great of course.
1] To your question of how to cause error handling to better manage the sending of a flood of such errors, some may want to say "don't send an email on EACH error, but instead track them in a db and then send an email at intervals SUMMARIZING a group of errors".
And there are in fact "error handling frameworks", some written in cfml and some as services (both easy to use), which can imbue that sort of intelligence and more into your error handling. I keep a list of those as a category of my cf411 list, specifically:
https://www.cf411.com/error
2] But still another way to go would be to instead block those kinds of hack attempts BEFORE they get to the queries, using any of various OTHER forms of protection, whether at the app, web server, or web app firewall levels. I also keep a list of each such type of protection tool (and a couple more) at:
https://www.cf411.com/protection
3] But finally, the simplest path may seem to be that you could detect in the error handling that the error is a failure specifically of a cfqueryparam, then you could perhaps ignore sending an email about THAT... but then you may miss "legit" failures caused by code mistakes or user input errors...
So then you may consider other options, like perhaps passing the input to any of the various cfml functions that "sanitize" a given string, and so skip sending the error to yourself if the sanitized result differs from the original (meaning it failed the sanitization check)... but that could be an unreliable approach for various reasons...
Or you could choose to skip sending the error if generated from the same ip in several seconds... but then sometimes bad guys do things to change their ip address to hide from such checks...
So then we're back to, "leave it to the error handling framework makers to alert those things out". That's indeed part of why they exist, to "handle this" for us. I don't know if all of them handle those last 3 issues specifically (and I don't suspect any handle the second), but a couple are open source CFML, so one could add such new intelligence to them, to help other users.
Let us know if any of these help.
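
The "track them, then send a summary at intervals" idea from point 1 could look like the sketch below. This is an added example, not code from the poster or from any of the listed frameworks. The component name, method names and the 300-second interval are assumptions, and it assumes a CFML engine with script-style `cfmail` and the Elvis operator (ColdFusion 11+ or Lucee).

```cfml
// ErrorDigest.cfc (hypothetical name). Keep one instance in the application scope,
// e.g. application.errorDigest = new ErrorDigest() in onApplicationStart().
component {
    variables.buckets = {};           // fingerprint -> {count, first, last, site, sample, ips}
    variables.lastSent = now();
    variables.intervalSeconds = 300;  // assumed digest interval
    // Call from onError() instead of sending a mail for each error.
    public void function record(required any exception, string ip = cgi.remote_addr) {
        var ctx = exception.tagContext ?: [];
        var site = arrayLen(ctx) ? ctx[1].template & ":" & ctx[1].line : "unknown";
        // Key on type + code location, not on message or IP: messages can embed the rejected input.
        var key = hash((exception.type ?: "") & "|" & site);
        lock name="errorDigest" type="exclusive" timeout="5" {
            if (!structKeyExists(variables.buckets, key)) {
                variables.buckets[key] = {count: 0, first: now(), last: now(), site: site,
                                          sample: exception.message ?: "", ips: {}};
            }
            var b = variables.buckets[key];
            b.count++;
            b.last = now();
            b.ips[ip] = true;
        }
    }

    // Call from a scheduled task; sends at most one summary mail per interval.
    // Returns the number of distinct errors reported (0 if nothing was sent).
    public numeric function flushIfDue(required string mailTo, required string mailFrom) {
        var snapshot = {};
        lock name="errorDigest" type="exclusive" timeout="5" {
            if (structIsEmpty(variables.buckets)
                || dateDiff("s", variables.lastSent, now()) < variables.intervalSeconds) {
                return 0;
            }
            snapshot = variables.buckets;   // swap out under the lock, mail outside it
            variables.buckets = {};
            variables.lastSent = now();
        }
        var body = "";
        for (var key in snapshot) {
            var b = snapshot[key];
            body &= "#b.count#x #b.site# | #structCount(b.ips)# source IP(s) | "
                  & "#dateTimeFormat(b.first, 'HH:nn:ss')# to #dateTimeFormat(b.last, 'HH:nn:ss')# | #b.sample#" & chr(10);
        }
        // type="text": the sample message can carry attacker-supplied input; do not render it as HTML.
        cfmail(to=mailTo, from=mailFrom, type="text", subject="Error digest: #structCount(snapshot)# distinct error(s)") {
            writeOutput(body);
        }
        return structCount(snapshot);
    }
}
```

Because the buckets live in memory, counts are lost on restart; the database-backed tracking the post mentions would replace `variables.buckets` with a table keyed on the same fingerprint.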