>> At my current 9-5 job my boss (the technical one) isn't >> sold on >> cfqueryparam, although he doesn't berate anyone for using >> it, he just >> turns his nose up... and although I hate to say it, we >> have worse >> problems in our application currently.
> What reason would anyone have for turning their nose up at > cfqueryparam? I > can only think of one - that you can't cache the query > using the built-in > caching. But, there are still plenty of other ways to > cache the data if you > need it to be cached, and typically on a select that uses > queryparams, you > don't want to cache it anyway. > So, what's his rationale? Well he started out as a classically trained operatic singer and came to programming from there... He's not bad in terms of having a grasp of technical concepts, though he definately seems (to me anyway) to have a fly-by-the-seat-of-the-pants approach to development. I base that assessment on having seen some of the code I know he's written himself (as opposed to the majority of the application which has its origins from his boss who was an electrical engineer prior, but not a very good programmer). I was working on something the other day and he was looking at it with me and I was writing in some cfqueryparam tags and he made the comment "I've never gotten with that ... the whole cfqueryparam thing... they say they're supposed to be so much faster and all that, but I've never seen proof". So I said "I can prove it -- it's not difficult" and his response was "whatever, I don't care". So... based on that my assumption is that his biggest complaint is that the syntax requires so much typing (I must admit, shorter syntax would be nice... like a QueryParam(value,type,null,maxlength|precision) function for instance), and that he's not convined there's a real gain from using them, which I find odd... he seems bright enough that I'm sure he's aware of the sql-injection issue in addition to performance. I'm not certain, but I think he underrates the idea of sql-injection as well as just being something we'll never need to deal with... Not that I would be likely to launch a campaign to fix all the queries that don't have them immediately, but if I were the lead developer I would certainly be encouraging people to add them where they see them missing. s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:205099 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
