http://tinyurl.com/oo49m
It's basically a tag that makes sure that the value you are trying to insert/select/update into your database is of the correct type (i.e., date, varchar, int, bit, etc.). You wrap it around your field values. Helps make your app much more secure as it prevents SQL injection attacks. It also helps debugging in that you don't have to worry about whether you included quotes around text fields vs. date/int/etc. fields. Again, a little bit more typing, but worth it when you go to make a change to the application months down the road.

> -----Original Message-----
> From: Chelsie Lawson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 30, 2006 9:51 AM
> To: CF-Talk
> Subject: Re: Firefox Compatibility
>
> >I'd take the advice of others on the list and ditch the cfinsert, and use
> >cfquery with an insert statement. It's a little more code, but it makes it
> >MUCH easier to maintain and debug.
> >
> >Don't forget to use cfqueryparam too. It's just good practice.
>
> What's the cfqueryparam code? Where does it go?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262225
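An added example, not part of the original thread, showing where cfqueryparam goes inside a cfquery insert, with the string-concatenated form beside it for contrast. The datasource name, table, columns and form field names are hypothetical.

```cfml
<!--- Constructed example: datasource "myDSN", table "signups" and the
      form field names are hypothetical, not taken from the thread. --->

<!--- For contrast only: form values are pasted into the SQL text, so the
      author has to get the quoting right for every column and the input
      becomes part of the statement itself. --->
<cfquery name="addSignupUnsafe" datasource="myDSN">
    INSERT INTO signups (full_name, age, signup_date, newsletter)
    VALUES ('#form.full_name#', #form.age#, '#form.signup_date#', #form.newsletter#)
</cfquery>

<!--- Parameterized form: each value is wrapped in cfqueryparam with an
      explicit cfsqltype. The value is bound as data, no manual quoting is
      needed, and a value that does not match its declared type raises an
      error before the statement reaches the database. --->
<cftry>
    <cfquery name="addSignup" datasource="myDSN">
        INSERT INTO signups (full_name, age, signup_date, newsletter)
        VALUES (
            <cfqueryparam value="#form.full_name#" cfsqltype="cf_sql_varchar" maxlength="100">,
            <cfqueryparam value="#form.age#" cfsqltype="cf_sql_integer">,
            <!--- An empty date field is stored as NULL instead of failing the type check. --->
            <cfqueryparam value="#form.signup_date#" cfsqltype="cf_sql_date"
                          null="#not len(trim(form.signup_date))#">,
            <cfqueryparam value="#form.newsletter#" cfsqltype="cf_sql_bit">
        )
    </cfquery>
    <cfcatch type="any">
        <!--- Reached when a value fails its type or maxlength check, or the
              database rejects the insert. Show a generic message to the user
              and keep the detail for the application log. --->
        <cflog file="signup" type="error" text="Insert rejected: #cfcatch.message#">
        <cfoutput>Sorry, that entry could not be saved.</cfoutput>
    </cfcatch>
</cftry>
```

The same wrapping applies to values in WHERE clauses of select and update statements, not only to insert values.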

