> > the CF page response time went down significantly
> > because it no longer had to wait so long for the
> > SQL server to process the queries.

After re-reading this line I think it may have been confusing.  What I meant
was that the response time in ms went down, so the pages got a lot faster.

> And what about the security factor? I've always been
> under the assumption that if your CF only had access
> to run SPs you were safer from SQL injection.

I would agree with that, but you can be just as safe with inline SQL if you
scrub the variables properly.  I've seen people scream in horror over a
query like this...

WHERE id = #url.id#

....Until I point out...

<cfset url.id = abs(val(trim(url.id)))>

....As part of the scrubbing routine.  Guarantees a positive integer value,
and passes in 0 if it's a string.  It's not the best way, but for small
sites it's quick, easy, and pretty safe.  CFQUERYPARAM would help also.
Unfortunately some people are still using access databases, and don't have
the luxury of stored procedures.  I use SQL Server myself, and sp's where
needed.  I'm not a zealot one way or the other on what is used.  Depends on
the situation.


-Justin Scott
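As an added example (not code from the post above), the scrubbing step from the thread written once as a function, then used both in the inline form and in the CFQUERYPARAM form of the same query; the datasource "myDsn", the table "items" and the function name scrubId are assumed names, and int() is added so fractional input does not slip through.

```cfml
<!--- Added example, not from the post: scrub url.id once, then use it.
      Datasource "myDsn", table "items" and scrubId() are assumed names. --->
<cfparam name="url.id" default="0">

<cffunction name="scrubId" returntype="numeric" output="false">
    <cfargument name="raw" type="string" required="true">
    <!--- trim() strips whitespace, val() turns non-numeric text into 0,
          abs() forces a positive value, int() drops any fractional part
          (val("12.7") is 12.7, so abs(val()) on its own is not an integer) --->
    <cfreturn int(abs(val(trim(arguments.raw))))>
</cffunction>

<cfset request.cleanId = scrubId(url.id)>

<!--- Inline form from the thread: safe only because cleanId is guaranteed numeric --->
<cfquery name="getItemInline" datasource="myDsn">
    SELECT id, name FROM items WHERE id = #request.cleanId#
</cfquery>

<!--- Bound form: the driver receives an integer parameter, never SQL text --->
<cfquery name="getItemBound" datasource="myDsn">
    SELECT id, name FROM items
    WHERE id = <cfqueryparam value="#request.cleanId#" cfsqltype="cf_sql_integer">
</cfquery>
```

Either form yields the same rows; the bound form also keeps working unchanged if the column is later changed to a non-numeric type, which is where the inline scrub would silently stop protecting the query.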

