I can think of one *huge* reason where CFQUERYPARAM would be useful...
For parameter validation to prevent SQL injection attacks. I would love
to be able to tell people that they should *always* use CFQUERYPARAM,
but I can't because there are times when it will "break" existing code
(by disabling cachedwithin, which is what happens now, as I understand
it).
Mark
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Friday, December 29, 2006 11:49 AM
To: CF-Talk
Subject: RE: cfqueryparam DECREASES performance? (To be selectable in
CF8? )
> I thought I saw somewhere that the next version of CF (CF8?) would
> indeed allow the use of cfqueryparam without forcing the conversion of
> the sql to a prepared statement, which would also allow it to be used
> with the cachedwithin option.
> I don't recall where I read that, so if someone "in the know"
> could confirm it....
I can't say I'm "in the know" on this specific topic, but I don't see
how CFQUERYPARAM would be useful if it didn't build a prepared
statement. I also don't see why CF 8 couldn't just cache query results
from prepared statements, either, so my guess is that is what will
happen.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta, Chicago,
Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Create robust enterprise, web RIAs.
Upgrade & integrate Adobe Coldfusion MX7 with Flex 2
http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:265330
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
