At 23.58 23/07/2002, you wrote:
>Secondly, I do use cfqueryparam with MySQL -- I don't have anything in the
>way of speedtesting, but I personally think I've seen a slight performance
>gain, if not ... a peace of mind from attacks, escaping characters, etc.

More tedious code to write :-)

Escaping single quotes protects from any attacks; with MySQL you can quote numeric fields too. It does an auto cast to int for you. You don't need to write <cfqueryparam value="#form.integer#" cfsqltype="CF_SQL_INTEGER" maxlength="5">.

IMHO this syntax produces illegible SQL queries, losing the beauty of ColdFusion where you are not forced to put a SQL statement inside a variable like PHP, ASP etc.

Bye.

--------------------------------------------------
FABIO SERRA - faser(at)faser.net
PGP available
--------------------------------------------------
