Can I still use stored procedures if the queries are completely dynamic? Dynamic tablename and fieldnames.
insert into #mytable# (#myfield1#,#myfield#) values(#myvalue1#,#myvalue2#) I do a bunch of preprocessing on the data to determin what fields they are and so forth and would be able to pass any required info to a stored procedure. But, is this something that would still benefit from a stored procedure? Brook At 06:06 PM 04/09/02 -0400, you wrote: > > I've been using the SQL NOCOUNT and Select @@identity to > > retrieve the ID of newly inserted rows. I recently (after > > the talk on this list yesterday -re: sql injection attacks) > > decided to update these inserts to use <cfqueryparam>. But > > it appears as though <cfqueryparam> does not support the > > use of the NOCOUNT declaration. I get an error that reads: > > > > " Could not find prepared statement with handle -1. " > > > > Does this mean it is not possible to use the NOCOUNT feature > > to return the newly inserted ID? > > > > Also, is performance improved on an Insert operation? Is it > > worth considering adding another query to retrieve the recordID > > separately so that <cfqueryparam> can be used? Would this be > > a major performance hit? The insert operation is used extensively > > and could be the target of a hack attempt, which is why I tried > > to use the <cfqueryparam> format. I'm not sure now if I should > > go back to the regular insert where I can retrieve the ID and > > do the insert all in one query, or implement the query using > > <cfqueryparam>' and a second query to get the ID. Any suggestions > > are appreciated, thanks :) > >I suggest you use stored procedures instead, which will solve your problem, >and if you use them exclusively, will also allow you to further tighten >application security by limiting user rights to just the stored procedures. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ >voice: (202) 797-5496 >fax: (202) 797-5444 > > ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
