Dave,

The results seen in the previous thread bring up a question: why use
cfqueryparam at all on form inputs that are not used in a WHERE clause,
especially when a good input scrubber is already in use?

I can already see one answer: cfsqltype=cf_sql_numeric will throw an
error if a SQL injection is attempted. So use cfqueryparam on those.
But what about cfsqltype=cf_sql_varchar? I can see a clear need for it
in a WHERE clause, but with inputs? When a scrubber is already in use?
What does it do in that specific case?

--Matt Robertson--
MSB Designs, Inc.
http://mysecretbase.com
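For readers following the question above, here is an added illustration (not code from the poster or the list) of the difference on an INSERT whose values never touch a WHERE clause. The datasource name, table and form field names are assumed for the example; the point is that cfqueryparam turns each value into a bind parameter, so the database receives it as data rather than as part of the SQL text, independent of any scrubbing done beforehand.

```cfml
<!--- Constructed example: the form fields and table are assumed. --->

<!--- Vulnerable form: the varchar values are spliced into the SQL string.
      A scrubber has to anticipate every quoting and encoding trick the
      database driver accepts; any gap lets a value change the statement. --->
<cfquery datasource="appDSN">
    INSERT INTO comments (author, body)
    VALUES ('#form.author#', '#form.body#')
</cfquery>

<!--- Hardened form: identical statement, but each value is sent as a
      bind parameter. The SQL text the database parses is fixed; the
      values can contain quotes or SQL keywords and are stored verbatim.
      maxlength adds a length check on top of the type check, so an
      over-long value is rejected before it reaches the database. --->
<cfquery datasource="appDSN">
    INSERT INTO comments (author, body)
    VALUES (
        <cfqueryparam value="#form.author#" cfsqltype="cf_sql_varchar" maxlength="80">,
        <cfqueryparam value="#form.body#"   cfsqltype="cf_sql_varchar" maxlength="2000">
    )
</cfquery>
```

Keep the scrubber for what it is good at (format and business rules); parameterization is what keeps the value out of the SQL parser, whether it sits in VALUES, SET or WHERE.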

______________________________________________________________________
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists