How to prevent the injection of sql injections in a cold state in order according to the article

 <cfif refindnocas('^\w+ ?(desc|asc)?$', myVariable)> ORDER BY #myVariable# </cfif> 

or

 <cfset columnList = 'col1,col2,etc' /> <!--- might want to use in select as well ---> <cfset regexColList = replace(columnList, ',', '|', 'all') /> <cfif not refindnocas('^(#regexColList#) ?(desc|asc)?$', myVariable)> <cfset myVariable = "DefaultSort" /> </cfif> ORDER BY #myVariable# 

or

 ORDER BY #query_sort(myVariable, columnList, defaultSort)# ... <cffunction name="query_sort"> <cfargument name="sort" /> <cfargument name="columns" /> <cfargument name"default" /> <cfset var regexcolumns = replace(columns, ',', '|', 'all') /> <cfif refindnocas('^(#regexcolumns#) ?(desc|asc)?$', sort)> <cfreturn sort /> <cfelse> <cfreturn default /> </cfif> </cfargument> 

etc.