In the past I've used the CodeCleaner custom tag to scrub form inputs. Recently I've expanded my use of CFQUERYPARAM to include values in SQL UPDATE and INSERT statements, rather than just for the WHERE clause.
Does cfqueryparam eliminate the need to scrub the code? My gut feeling is 'yes' for cfsqltype=cf_sql_numeric and an emphatic 'NO' for cfsqltype=cf_sql_varchar. Any confirmation/correction would be appreciated.

--Matt--

