Matt Robertson wrote:
> In the past I've used the CodeCleaner custom tag to scrub form inputs.
> Recently I've expanded my use of CFQUERYPARAM to include values in SQL
> UPDATE and INSERT statements, rather than just for the WHERE clause.
>
> Does cfqueryparam eliminate the need to scrub the code? My gut feeling
> is 'yes' for cfsqltype=cf_sql_numeric and an emphatic 'NO' for
> cfsqltype=cf_sql_varchar. Any confirmation/correction would be
> appreciated.

cfqueryparam eliminates the need for scrubbing. It might or might not, depending on your requirements, eliminate the need for trimming.

Jochem
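
The following is an added example, not code from the original thread: an UPDATE that binds a varchar and a numeric value through cfqueryparam, with trimming kept as a separate step. The datasource `appDSN`, the table `users`, its columns, and the form field names are assumptions made for illustration.

```cfml
<!--- Assumed names (not from the thread): datasource "appDSN", table "users",
      columns display_name / age / user_id, and the three form fields. --->
<cfparam name="form.displayName" default="">
<cfparam name="form.age" default="0">
<cfparam name="form.userId" default="0">

<!--- Trimming is a data-quality decision, independent of the binding below. --->
<cfset displayName = trim(form.displayName)>

<cfquery name="updateUser" datasource="appDSN">
    UPDATE users
    SET
        <!--- Sent to the driver as a bind parameter: quotes, semicolons and SQL
              keywords in the value are stored as data, never parsed as SQL.
              maxlength makes ColdFusion throw if the value is too long. --->
        display_name = <cfqueryparam value="#displayName#"
                                     cfsqltype="cf_sql_varchar"
                                     maxlength="50">,
        <!--- ColdFusion validates the value against the declared type and
              throws before the query is sent if it is not numeric. --->
        age = <cfqueryparam value="#form.age#" cfsqltype="cf_sql_numeric">
    WHERE user_id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>
```

The binding addresses how the value reaches the database; if the stored `display_name` is later written into an HTML page, encoding it at output time is a separate step.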

