At 21.40 23/07/2002, you wrote:
> > No. With <cfqueryparam> it works correctly as with UnixODBC and CF 5. In
> > any case, I think this is not a correct behaviour.
> > I would like to know if there is the same problem with MySQL.
> > Bye.
>
>Why is this not the correct behavior? and, yes... MySQL is the same.

1) We have to understand who is responsible for escaping special chars: CF, the programmer or the driver? IMHO it is the driver. Single quotes are escaped by the driver. When you use CF + Access, SQL Server or Oracle you don't need to escape single quotes like in PHP because the driver does the work. If the driver doesn't escape the special chars for the target database, what does it mean? I think it means that the driver is bugged. I'm sure that there are a lot of people, coming from other databases, who don't know this strange behavior with MySQL and PG. It should be clearly written in CFdocs, because it's very easy to do a SQL injection. In any case, I think that the driver (or maybe CF) must escape the backslash too.

2) <cfqueryparam> is useful when you have to do a lot of inserts with the same SQL statement because it is parsed only one time and the database can compile the query for later reuse. But <cfqueryparam> does not have the same performance on all databases; if it's not well supported, it could instead slow down performance. In Oracle it can boost performance, but for MySQL and PG I've never read anything similar.

Bye.

--------------------------------------------------
FABIO SERRA - faser(at)faser.net
PGP available
--------------------------------------------------
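
The following is an added example, not part of the original message and not ColdFusion or driver code: a small Python model of SQL string-literal parsing showing why doubling single quotes is enough on a database that treats the backslash as an ordinary character, but not on one that treats it as an escape character, which is the behaviour the message describes for MySQL and PG. The function names and the sample value are constructed for illustration. A bound parameter such as `<cfqueryparam>` avoids the question because the value is never embedded in the SQL text.

```python
# Added illustration: models how one SQL string literal is tokenized.
# All names here are hypothetical; none are ColdFusion or driver APIs.

def read_literal(sql, backslash_escapes):
    """Parse one '...' literal at the start of sql.

    Returns (decoded value, text left over after the closing quote)."""
    if not sql.startswith("'"):
        raise ValueError("expected opening quote")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])   # simplified: next char taken literally
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")          # doubled quote = one quote character
            i += 2
        elif c == "'":
            return "".join(out), sql[i + 1:]   # closing quote
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated literal")

def escape_quotes_only(value):
    return value.replace("'", "''")

def escape_quotes_and_backslashes(value):
    return value.replace("\\", "\\\\").replace("'", "''")

def embed(value, escape):
    return "'" + escape(value) + "'"

SAMPLE = "x\\' TAIL"   # constructed input: x, backslash, quote, space, TAIL

def demo():
    weak = embed(SAMPLE, escape_quotes_only)
    fixed = embed(SAMPLE, escape_quotes_and_backslashes)
    return {
        "standard_sql": read_literal(weak, backslash_escapes=False),
        "backslash_db_weak": read_literal(weak, backslash_escapes=True),
        "backslash_db_fixed": read_literal(fixed, backslash_escapes=True),
    }

if __name__ == "__main__":
    for name, (value, leftover) in demo().items():
        print(f"{name:20} value={value!r} leftover={leftover!r}")
```

A non-empty leftover means part of the submitted value ended up outside the string literal, where the database would parse it as SQL.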
