Well, you'd have a replacement for the security functionality, but it would be different and it would have to be very well written. A bind parameter is security in itself (in a DB that genuinely supports bind parameters anyway).
On 12/12/06, Rick Root <[EMAIL PROTECTED]> wrote:
> Peterson, Chris wrote:
> > I would think that you could write your own variable sanitizer to make
> > up for the lack of cfqueryparam...
> >
> > WHERE ID = <cfx_sanitize type="varchar" maxLength="7"
> > value="#form.myVar#" />
> >
> > Anyone done something like that?
>
> I suppose you could do that even without a cfx tag, just with a regular
> custom tag... but I'd call it cf_queryparam =)
>
> You'd keep the security functionality, but you'd still lose the
> performance benefits of cfqueryparam (bind variables)
>
> Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263712
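The difference discussed in this thread, as an added example that is not part of the thread or of any poster's code. It uses Python with sqlite3 instead of CFML so it runs stand-alone; the table, the function names and both sanitizers are hypothetical stand-ins for a type/maxLength check like the one proposed.

```python
import sqlite3

# Constructed input: a 7-character varchar, so it passes a type/maxLength-only check.
CONSTRUCTED_INPUT = "'OR 1--"

def make_db():
    """Build a small in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("A1", "alpha"), ("B2", "beta"), ("C3", "gamma")])
    return db

def naive_sanitize(value, max_length=7):
    """Hypothetical sanitizer: checks type and length only."""
    if not isinstance(value, str) or len(value) > max_length:
        raise ValueError("value rejected")
    return value

def escaping_sanitize(value, max_length=7):
    """Hypothetical better-written sanitizer: also doubles single quotes.
    Enough for this SQLite string context only; other databases and
    unquoted numeric contexts need different rules."""
    return naive_sanitize(value, max_length).replace("'", "''")

def lookup_concat(db, value, sanitizer):
    """Sanitized value is still pasted into the SQL text the parser sees."""
    sql = "SELECT name FROM items WHERE id = '" + sanitizer(value) + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, value):
    """Bind parameter: the value never becomes part of the SQL text."""
    rows = db.execute("SELECT name FROM items WHERE id = ?", (value,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    print("naive   :", lookup_concat(db, CONSTRUCTED_INPUT, naive_sanitize))
    print("escaping:", lookup_concat(db, CONSTRUCTED_INPUT, escaping_sanitize))
    print("bound   :", lookup_bound(db, CONSTRUCTED_INPUT))
```

The length-and-type check alone returns every row for the constructed input, while the quote-doubling sanitizer and the bound query both return none; only the bound query gets that result without any escaping logic that has to be kept correct per database.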

