I hate to sound as ignorant as I am, but I don't use cfqueryparam. Where should I use it and why? Is it just for selects?
Mark

You should use <cfqueryparam> in any SQL statement that uses dynamic, especially user-provided, values, for security and performance. It is not just for selects but updates and inserts as well.

By using <cfqueryparam> you are allowing your database (if it supports this feature) to create bind variables. This allows the database to create more efficient and reusable processing plans. This usually provides for improved performance.

For security: since you have declared your values to be variables, not just a string fragment, this largely mitigates SQL injection attacks where mean users provide SQL code as part of their values to your database, allowing them to circumnavigate security and/or alter or destroy data.

Thus, one should use <cfqueryparam> whenever possible for all values used in SQL built in ColdFusion code.

--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

"C code. C code run. Run code run. Please!"
- Cynthia Dunning
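The reply above, shown in code as an added example that is not part of the original thread: one query built by string interpolation next to the same query using <cfqueryparam>, followed by the UPDATE, INSERT and IN-list forms. The datasource name appDSN, the users table, its columns and the url/form field names are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "users",
      columns id/email/last_name, and the url/form fields used below. --->

<!--- Before: the value is pasted into the SQL text, so whatever arrives
      in url.id is parsed by the database as part of the statement. --->
<cfquery name="qUserUnsafe" datasource="appDSN">
    SELECT id, email, last_name
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- After: the value travels as a typed bind variable. A non-integer
      url.id fails type validation instead of reaching the SQL text. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, email, last_name
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- UPDATE: every dynamic value, in SET and WHERE alike, is a parameter. --->
<cfquery datasource="appDSN">
    UPDATE users
    SET email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="254">
    WHERE id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- INSERT: the null attribute sends NULL when the optional field is empty. --->
<cfquery datasource="appDSN">
    INSERT INTO users (email, last_name)
    VALUES (
        <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="254">,
        <cfqueryparam value="#form.lastName#" cfsqltype="cf_sql_varchar" maxlength="100"
                      null="#NOT len(trim(form.lastName))#">
    )
</cfquery>

<!--- IN list: list="yes" binds each comma-separated element separately. --->
<cfquery name="qSome" datasource="appDSN">
    SELECT id, email
    FROM users
    WHERE id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="yes">)
</cfquery>
```

<cfqueryparam> can only stand in for values; table names, column names and ORDER BY directions cannot be bound, so any dynamic identifier has to be chosen from a fixed list in code.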

