CFQUERYPARAM binds the argument into the statement, preventing it from
being interpreted as SQL.

On 8/25/06, Andrew Scott <[EMAIL PROTECTED]> wrote:
> I will pipe up here, and ask one question though. And the reason I ask this
> is that it's maybe different for me, but I tend not to use the cfqueryparam
> in cffunction's that have cfarguments and are typed.
>
> I find it is not required as the function will throw an error anyway, and
> the only time that it will not is if the type asked for is a string, and in
> that case, I would like to know how the cfqueryparam stops that from
> happening with a SQL injection?
>
>
> Senior Coldfusion Developer
> Aegeon Pty. Ltd.
> www.aegeon.com.au
> Phone: +613  8676 4223
> Mobile: 0404 998 273
>
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250997