the
> > requirement for verifying the data type is, almost all queries that use
a
> > variable are using one that you as the programmer have passed to it and
> > therefore have control of its verification before it ever gets to the
query,
> > even if it is posted from a form we have the data validation of the
CFFORM
> > tag and the CFINPUT types.
>
> And you think the average cfform and cfinput tag is sufficient? I
> don't.
OK, but even if the wrong data type is supplied to the query what will
happen, you will get an error. If the cfqueryparam detects an incorrect
data type it will throw an error yes? So what is the difference? Would you
care to explain your answer rather than just taking pot shots at me?
> > I also don't understand the 'unauthorized users' bit.
>
> Authorization is not relevant.
>From Docs.
<QUOTE>Macromedia recommends that you use the cfqueryparam tag within every
cfquery tag, to help secure your databases from unauthorized users.</QUOTE>
Macromedia clearly think it is relevant, would you care to elaborate on why
you think it isn't?
--
Jay
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
