CFQP isn't just for validation/security.

It also uses bind variables, which basically split out the dynamic parts of a 
query and allow the DBMS to cache the query execution plan, which can make 
big common queries run faster.


Whilst this does prevent you from caching queries using the built-in 
attributes, it doesn't prevent you from caching them manually.

e.g. something along the lines of this:
<cfif NOT (StructKeyExists(Session, 'Bob') AND StructKeyExists(Session, 'BobCreated')
           AND DateDiff('h', Session.BobCreated, Now()) LT 1)>
        <!--- serialise the refresh so concurrent requests don't interleave
              their writes to Session.Bob and Session.BobCreated --->
        <cflock scope="session" type="exclusive" timeout="10">
                <cfquery name="Session.Bob">
                        ...
                </cfquery>
                <cfset Session.BobCreated = Now()/>
        </cflock>
</cfif>


(got a feeling there's something wrong with that code, but not sure what it is)

> Ok ok, so I'm a baaad boy, but I hadn't been using cfqueryparam all 
> this time, but with a good reason. You cannot cache your queries if 
> you do.
> 
> I'm sure this has come up before, but I want to ask anyway...
> 
> I'd prefer not to cfqueryparam all my queries because I have quite a 
> few that run for every page, some of which are pretty big. Currently I 
> cache every query I can get away with caching and the sites run fairly 
> snappy. Some day soon I'll get around to a real tune-up as far as 
> performance, but for now I'm worried about security.
> 
> For the queries based on numeric ID, can't I get away with putting a 
> val( ) around my url ID variables and be ok (this is what I'm doing 
> now)? I mean, val( ) strips out everything starting from the first non 
> numeric character, which would essentially remove all sql hacks. 
> Assuming I could ensure val( ) didn't crash (what could crash it) 
> would I be safe enough with just that?
> 
> Mik
> 
> 
> i.e.:
> 
> <cfquery name="qs" datasource="#request.d.dbname#" dbtype="ODBC">
>     SELECT something
>     FROM somewhere
>     WHERE ID = <cfqueryparam cfsqltype="CF_SQL_INTEGER" null="No" value="#url.ID#">
> </cfquery>
> 
> vs.
> 
> <cfquery name="qs" datasource="#request.d.dbname#" dbtype="ODBC" cachedwithin="#session.cache_long#">
>     SELECT something
>     FROM somewhere
>     WHERE ID = #val(url.ID)#
> </cfquery>
> 
> --------
> Michael Muller
> Admin, MontagueMA.net Website
> work (413) 863-0030
> cell (413) 320-5336
> skype: michaelBmuller
> http://www.MontagueMA.net
> 
> Eschew Obfuscation
> 
> 

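As an added example (not code from either poster), the following puts the manual-caching idea from the reply into a reusable function: the query keeps its cfqueryparam binding, and the result is cached by hand in a struct in the application scope, keyed by the bound ID, with a one-hour TTL and cflock around the shared reads and writes. The datasource name "myDSN" and the function name are assumptions; the table and column names follow the quoted query.

```cfml
<!---
  Added example, not from the original posts. Hand-rolled cache for a
  cfqueryparam query, for versions of ColdFusion where cachedwithin
  cannot be combined with cfqueryparam. Assumptions: datasource "myDSN",
  table "somewhere" with column "ID" as in the quoted query.
--->
<cffunction name="getThingByID" returntype="query" output="false">
    <cfargument name="id" type="numeric" required="true">

    <!--- one cache slot per distinct ID; entries older than 1 hour are re-run --->
    <cfset var cacheKey = "thing_" & Int(arguments.id)>
    <cfset var result = "">
    <cfset var hit = false>

    <!--- create the shared cache struct once; a write needs an exclusive lock --->
    <cflock scope="application" type="exclusive" timeout="10">
        <cfif NOT StructKeyExists(application, "queryCache")>
            <cfset application.queryCache = StructNew()>
        </cfif>
    </cflock>

    <!--- cheap shared read: is there a fresh entry for this ID? --->
    <cflock scope="application" type="readonly" timeout="10">
        <cfif StructKeyExists(application.queryCache, cacheKey)
              AND DateDiff("h", application.queryCache[cacheKey].created, Now()) LT 1>
            <cfset result = application.queryCache[cacheKey].data>
            <cfset hit = true>
        </cfif>
    </cflock>

    <cfif NOT hit>
        <!--- the value is sent as a bound parameter: the SQL text stays
              constant, so the DBMS can reuse one execution plan, and a
              non-integer value is rejected instead of being concatenated
              into the statement --->
        <cfquery name="result" datasource="myDSN">
            SELECT something
            FROM   somewhere
            WHERE  ID = <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="#arguments.id#">
        </cfquery>

        <!--- store the result and its timestamp under an exclusive lock --->
        <cflock scope="application" type="exclusive" timeout="10">
            <cfset application.queryCache[cacheKey] = StructNew()>
            <cfset application.queryCache[cacheKey].data = result>
            <cfset application.queryCache[cacheKey].created = Now()>
        </cflock>
    </cfif>

    <cfreturn result>
</cffunction>

<!--- usage: the URL value is bound by cfqueryparam, never interpolated into the SQL --->
<cfset qs = getThingByID(url.ID)>
```

Because the argument is declared `type="numeric"`, a non-numeric url.ID raises a ColdFusion error before any SQL is built, and every distinct ID gets its own cache entry, so the cache is keyed on the bound value rather than on the SQL text.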
Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272787