cool.
maybe it's just time to read up on the details. esp. since I'm breaking
down and taking the cfmx exam @ max2003

DAMMIT! must read.

tony weeg
sr. web applications architect
navtrak, inc.
[EMAIL PROTECTED]
www.navtrak.net
office 410.548.2337
fax 410.860.2337


-----Original Message-----
From: Mark A. Kruger - CFG [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 04, 2003 12:12 PM
To: CF-Talk
Subject: RE: <cfquery syntax


Tony,

The <cfqueryparam> tag supports list syntax - use a LIST="YES" attribute
a la:

<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#ipAddressNumberString#"
LIST="YES">
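
An added illustration of the list form above, not code from the thread: Python's sqlite3 stands in for the ColdFusion datasource to show one bind placeholder per list element, beside the interpolated query for contrast. The table rows, the integer column type and both input strings are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the thread's `reports` table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (date TEXT, IpAddressNumber INTEGER)")
    conn.executemany("INSERT INTO reports VALUES (?, ?)", [
        ("2003-09-04", 1001), ("2003-09-04", 1002),
        ("2003-09-04", 1003), ("2003-09-03", 1001),
    ])
    return conn

def reports_interpolated(conn, date, ip_list):
    # "Before": the list text becomes part of the SQL statement itself.
    sql = ("SELECT IpAddressNumber FROM reports "
           f"WHERE date = '{date}' AND IpAddressNumber IN ({ip_list})")
    return sorted(r[0] for r in conn.execute(sql))

def reports_bound(conn, date, ip_list):
    # "After": one ? per list element; each element travels as a bound value.
    items = [i.strip() for i in ip_list.split(",") if i.strip()]
    if not items:
        return []  # an empty IN () is not portable SQL, so answer without querying
    marks = ", ".join(["?"] * len(items))
    sql = ("SELECT IpAddressNumber FROM reports "
           f"WHERE date = ? AND IpAddressNumber IN ({marks})")
    return sorted(r[0] for r in conn.execute(sql, [date, *items]))

if __name__ == "__main__":
    db = make_db()
    normal, crafted = "1001,1002", "0) OR (1=1"  # constructed inputs
    print(reports_interpolated(db, "2003-09-04", normal))   # same rows either way
    print(reports_bound(db, "2003-09-04", normal))
    print(reports_interpolated(db, "2003-09-04", crafted))  # every row in the table
    print(reports_bound(db, "2003-09-04", crafted))         # no rows: it was only data
```
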

-----Original Message-----
From: Tony Weeg [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 10:58 AM
To: CF-Talk
Subject: RE: <cfquery syntax


so in this scenario...

                select *
                from reports where
                date = '#date#'
                and IpAddressNumber in (#IpAddressNumberString#)

what would I use?

                select *
                from reports where
                date = '#date#'
                and IpAddressNumber in (<cfqueryparam
cfsqltype="CF_SQL_VARCHAR" value="#ipAddressNumberString#">)

where ipAddressNumberString is simply a comma delimited list?

thanks...

tony weeg
sr. web applications architect
navtrak, inc.
[EMAIL PROTECTED]
www.navtrak.net
office 410.548.2337
fax 410.860.2337


-----Original Message-----
From: Tyler Silcox [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 11:30 AM
To: CF-Talk
Subject: RE: <cfquery syntax


One more tip:

If you're using CF Studio/HomeSite, create a few Code Templates
(snippets) and you'll save some awkward typing (and some reference
lookups - I've only seen the cfsqltypes defined for the major DBs in
Forta's WACKs, and they differ between the dbs and even from common
sense in some of the cases). I have the following set up for MS-SQL
data types:

qpbit - <cfqueryparam cfsqltype="CF_SQL_BIT" value="#|#">
qpblob - <cfqueryparam cfsqltype="CF_SQL_BLOB" value="#|#">
qpdate - <cfqueryparam cfsqltype="CF_SQL_TIMESTAMP" value="#|#"> (datetime, smalldatetime)
qpint - <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#|#">
qplong - <cfqueryparam cfsqltype="CF_SQL_LONGVARCHAR" value="#|#"> (text)
qpvar - <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#|#">

Then, all you gotta do is type the first abbr and hit ctrl + j and fill
in the value...enjoy->

Tyler

-----Original Message-----
From: Tony Weeg [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 10:44 AM
To: CF-Talk
Subject: RE: <cfquery syntax

aight, im sold.

GREAT. conversion time....WOO WOO WOO!

thanks guys and gal, for the insight.

tony weeg
sr. web applications architect
navtrak, inc.
[EMAIL PROTECTED]
www.navtrak.net
office 410.548.2337
fax 410.860.2337


-----Original Message-----
From: Craig Dudley [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 10:35 AM
To: CF-Talk
Subject: RE: <cfquery syntax


Yes, it should be the same for all the big databases.

Even if it wasn't any faster, the data type validation using queryparam
provides makes it more than worthwhile. SQL injection attacks are
potentially fatal for your db server and you should not risk it.

-----Original Message-----
From: Tony Weeg [mailto:[EMAIL PROTECTED]
Sent: 04 September 2003 15:33
To: CF-Talk
Subject: RE: <cfquery syntax


but what impact does it have on sql server 2000 ent edition.

we don't use oracle...does this same logic apply?

tony weeg
sr. web applications architect
navtrak, inc.
[EMAIL PROTECTED]
www.navtrak.net
office 410.548.2337
fax 410.860.2337


-----Original Message-----
From: Deanna Schneider [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 10:30 AM
To: CF-Talk
Subject: Re: <cfquery syntax


Tony,
It's faster for the database, not necessarily for CF. In Oracle, there's
this chunk of memory used for sql snippets. When a new query comes in,
it looks there first, to see if it already exists. If it does, it yanks
the data from there, instead of re-running/re-optimizing the query. (I
would imagine there's something similar in other databases.)

Anyway, using queryparam makes it so that two queries searching for
different values in the where clause look like the same query to Oracle.
In other words:

select * from mytable where id = 1

is not the same as

select * from mytable where id =2

But, if you use queryparams...

select * from mytable where id = <cfqueryparam cfsqltype="cf_sql_integer" value="1">

is the same to the query pool as

select * from mytable where id = <cfqueryparam cfsqltype="cf_sql_integer" value="2">

The query param gets translated to a "bind variable," and Oracle knows
that it's the same query except for this one variable. That's what makes
it faster.

-d
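
An added illustration, not code from the thread: a bind variable exists only where the placeholder stands bare in the statement, and the same `?` inside single quotes is an ordinary string literal, which is consistent with the question marks reported in the original question at the bottom of the thread. Python's sqlite3 stands in for the ColdFusion datasource; the table row and the sample list are constructed.

```python
import sqlite3

# The UPDATE from the original question as the database receives it,
# with the placeholder inside single quotes and with it bare.
QUOTED = "UPDATE tblProfiles SET strSelect = '?' WHERE strUsername = ?"
BARE = "UPDATE tblProfiles SET strSelect = ? WHERE strUsername = ?"

def make_db():
    # Constructed row standing in for the thread's tblProfiles table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblProfiles (strUsername TEXT, strSelect TEXT)")
    conn.execute("INSERT INTO tblProfiles VALUES ('bushy', 'old value')")
    return conn

def run_update(conn, sql, params):
    """Run the UPDATE, then return what ended up in strSelect for that user."""
    conn.execute(sql, params)
    row = conn.execute(
        "SELECT strSelect FROM tblProfiles WHERE strUsername = ?", (params[-1],)
    ).fetchone()
    return row[0]

def accepts_two_values(conn, sql):
    """True if the statement really has two bind slots (value and username)."""
    try:
        conn.execute(sql, ("x", "bushy"))
        return True
    except sqlite3.ProgrammingError:
        return False  # the driver saw fewer placeholders than values

if __name__ == "__main__":
    commalist = "it's a 'quoted' pick|second|third"  # constructed input
    first = commalist.split("|")[0]                  # ListGetAt(commalist,1,'|')
    db = make_db()
    print(run_update(db, QUOTED, ("bushy",)))        # a literal question mark is stored
    print(run_update(db, BARE, (first, "bushy")))    # the value is stored, quotes and all
    print(accepts_two_values(db, QUOTED), accepts_two_values(db, BARE))
```
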

----- Original Message -----
From: "Tony Weeg" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, September 04, 2003 8:38 AM
Subject: RE: <cfquery syntax


> faster than the raw data being in there?
> how can that be?
>
> that's just one more tag that cfserver has to interpret process 
> etc...albeit a millisecond or less, enough of them could be slower?
>
> im not sure I get that logic?
>
> tony weeg
> sr. web applications architect
> navtrak, inc.
> [EMAIL PROTECTED]
> www.navtrak.net
> office 410.548.2337
> fax 410.860.2337
>
>
> -----Original Message-----
> From: Craig Dudley [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 04, 2003 9:23 AM
> To: CF-Talk
> Subject: RE: <cfquery syntax
>
>
> Because it's safer and faster and is therefore considered best 
> practice.
>
> -----Original Message-----
> From: Tony Weeg [mailto:[EMAIL PROTECTED]
> Sent: 04 September 2003 14:16
> To: CF-Talk
> Subject: RE: <cfquery syntax
>
>
> why should one ALWAYS use cfqueryparam?
>
> I havent, EVER and have many apps, on many servers
> and no problems....just wondrin'
>
> tony weeg
> sr. web applications architect
> navtrak, inc.
> [EMAIL PROTECTED]
> www.navtrak.net
> office 410.548.2337
> fax 410.860.2337
>
>
> -----Original Message-----
> From: Pascal Peters [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 04, 2003 8:14 AM
> To: CF-Talk
> Subject: RE: <cfquery syntax
>
>
> You see the ? BECAUSE of the cfqueryparam and this is not an error. It
> is just a placeholder for the value. And you should ALWAYS use 
> <cfqueryparam> The only exception you can make is for static values 
> like "isActive = 1" or something. And even then you can't go wrong 
> using them.
>
> -----Original Message-----
> From: Bushy [mailto:[EMAIL PROTECTED]
> Sent: donderdag 4 september 2003 14:06
> To: CF-Talk
> Subject: re: <cfquery syntax
>
>
> I checked the database and there seems to be something wrong with the 
> <cfqueryparam> because when I check the fields using SQL Query 
> Analyzer there are question marks "?" in the fields which I think is 
> an error trying to update the fields?
>
> Do I need the <cfqueryparam>?
>
>
> On Thu, 04 Sep 2003 07:55:24 -0400, Bushy wrote:
>
> > Hi,
> >
> > What's wrong with the below syntax? I think the single quotes around
> > the "commalist" is throwing it for a loop? How can I get around 
> > this? If I use double quotes I'll run into the same problem around 
> > the "ListGetAt..." code.
> >
> > <cfquery name="Insert" datasource="prefs">
> >   UPDATE tblProfiles
> >   SET
> >   strSelect='<cfqueryparam value="#ListGetAt(commalist,1,'|')#"
> >   cfsqltype="CF_SQL_LONGVARCHAR">'
> >   WHERE strUsername='#auth#'
> > </cfquery>