> high volume, I actually prefer to leave the insert values
> inline and have less code to deal with. If you are taking the
> pains to use cfqueryparam, you might as well push the whole
> query into a stored procedure.

If you're accepting data from the browser, and you're not passing it to a
stored procedure but are instead using it within an INSERT statement, you
should always use CFQUERYPARAM, whether it's used in high volume or not. In
the case of an INSERT statement, CFQUERYPARAM won't provide any significant
performance benefit in most cases, but it's required to prevent SQL
injections.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
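
The contrast drawn in the reply above, as an added example that is not part of the original thread: the same INSERT written with inline values and with CFQUERYPARAM. The datasource `appDSN`, the `subscribers` table, the log file name and the form field names are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "subscribers",
      form fields email, displayName and age. The two queries are alternatives,
      shown together only for comparison. --->
<cfparam name="form.email" default="">
<cfparam name="form.displayName" default="">
<cfparam name="form.age" default="">

<!--- BEFORE (inline values): the browser-supplied text becomes part of the
      SQL statement itself. The unquoted numeric column is the clearest case:
      whatever arrives in form.age is parsed by the database as SQL. --->
<cfquery name="addInline" datasource="appDSN">
    INSERT INTO subscribers (email, display_name, age)
    VALUES ('#form.email#', '#form.displayName#', #form.age#)
</cfquery>

<!--- AFTER (bound parameters): the statement text is fixed and each value is
      sent as a typed parameter, so it is treated as data only. --->
<cftry>
    <cfquery name="addBound" datasource="appDSN">
        INSERT INTO subscribers (email, display_name, age)
        VALUES (
            <cfqueryparam value="#form.email#"
                          cfsqltype="cf_sql_varchar" maxlength="254">,
            <!--- An empty display name is stored as NULL, not as '' --->
            <cfqueryparam value="#form.displayName#"
                          cfsqltype="cf_sql_varchar" maxlength="100"
                          null="#NOT len(trim(form.displayName))#">,
            <!--- A non-integer age fails the type check and raises an error --->
            <cfqueryparam value="#form.age#" cfsqltype="cf_sql_integer">
        )
    </cfquery>
    <cfcatch type="any">
        <!--- Reached when a value fails its cfsqltype or maxlength check,
              and also on ordinary database errors. --->
        <cflog file="appSecurity" type="warning"
               text="Rejected subscriber insert: #cfcatch.message#">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```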

