Use a cfif statement and a couple of functions so you can have information appear/disappear based on the date:

Functions used:

• now()
  the date and time right now.
• createdate ( year, month, day )
  The date with the supplied year, month and day.
• createDateTime (year, month, day, hour, minute, second)
  get specific with the date and time.

Example: show information as long as the current date is before June 1^st 2008. (until 11:59pm 5/31/2008).
There’s a deadline for the published information.

<cfif now() LT createdate(2008,6,1)>
Show this information
</cfif>

Example: show information only during the first seven days of June 2008
The information isn’t valid until a future date, and there’s a time limit on the information.

<cfif now() GT createdate(2008,5,31) AND now() LT createdate(2008,6,8)>
Show this information
</cfif>

Ben Forta’s blog has an entry about SQL injection attacks when using ColdFusion. Manuals and tutorials never talk about preventing these types of attacks, so I’m not surprised that there are still vulnerable sites.

In short, the vulnerability occurs when a site uses data in the URL to dynamically alter the SQL statement. Using a semicolon, allows a hacker to append another sql statement. This vulnerability occurs mostly with non-text fields. So anytime you’re referring to a key field which is usaually numeric.

The solution: (1) use cfparam to define the variable’s type, (2) the page should check that the url variable exists and makes sure it’s the expected type and (3) use cfqueryparam to explicitly define the varaiable’s value.

Resources:
Ben’s Post: SQL Injection Attacks, Easy to Prevent, But Apparently Still Ignored.
CF Cookbook post: How can I prevent SQL injection attacks?
Macromedia Security bulletin ASB99-04 Multiple SQL statments in dynamic queries.