>I will pipe up here, and ask one question though. And the reason I ask this > is that it's maybe different for me, but I tend not to use the cfqueryparam > in cffunction's that have cfarguments and are typed. > > I find it is not required as the function will throw an error anyway, and > the only time that it will not is if the type asked for is a string, and in > that case, I would like to know how the cfqueryparam stops that from > happening with a sql injection?
CFQUERYPARAM also speeds up query execution with DBs like MS SQL Server and Oracle that use BIND variables. So you should simply use CFQUERYPARAM ;-) Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251042 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
