Peterson, Chris wrote:
> I would think that you could write your own variable sanitizer to make
> up for the lack of cfqueryparam...
>
> WHERE ID = <cfx_sanitize type="varchar" maxLength="7"
> value="#form.myVar#" />
>
> Anyone done something like that?

I suppose you could do that even without a cfx tag, just with a regular custom tag... but I'd call it cf_queryparam =)

You'd keep the security functionality, but you'd still lose the performance benefits of cfqueryparam (bind variables).

Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263711
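
The trade-off discussed in this thread, as an added example that is not part of the original messages: Python's `sqlite3` stands in for ColdFusion and its database, and `sanitize`, `compare`, the `items` table and the sample inputs are all constructed for illustration. The sanitizer inlines a validated literal, so the injection attempt matches nothing, but every value yields a different statement text, while the bound query keeps a single one.

```python
import re
import sqlite3

# Constructed form values; the last one is an injection attempt that fits maxLength=7.
SAMPLE = ["A1", "B2", "'OR 1--"]

def sanitize(value, sql_type, max_length=None):
    """Validate a string input and return it as a SQL literal (no bind variable)."""
    if sql_type == "integer":
        if not re.fullmatch(r"-?[0-9]{1,18}", value):
            raise ValueError("not an integer")
        return value
    if sql_type == "varchar":
        if max_length is not None and len(value) > max_length:
            raise ValueError("longer than maxLength")
        # Quote doubling is the ANSI/SQLite escaping rule (assumption: other
        # dialects may treat further characters, such as backslash, specially).
        return "'" + value.replace("'", "''") + "'"
    raise ValueError("unsupported type")

def compare(inputs, max_length=7):
    """Run each input inlined and bound; return rows and distinct statement counts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("A1", "widget"), ("B2", "gadget")])
    inlined_sql, bound_sql = set(), set()
    inlined_rows, bound_rows = [], []
    for value in inputs:
        # Sanitizer approach: the value becomes part of the SQL text.
        sql = "SELECT name FROM items WHERE id = " + sanitize(value, "varchar", max_length)
        inlined_sql.add(sql)
        inlined_rows.append(db.execute(sql).fetchall())
        # Bind-variable approach: the SQL text never changes.
        sql = "SELECT name FROM items WHERE id = ?"
        bound_sql.add(sql)
        bound_rows.append(db.execute(sql, (value,)).fetchall())
    db.close()
    return inlined_rows, bound_rows, len(inlined_sql), len(bound_sql)

if __name__ == "__main__":
    print(compare(SAMPLE))
```

Both approaches return the same rows, but a database that caches plans by statement text sees three statements from the sanitizer and one from the bound query.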

