Dave, You made a valid point, but let me switch to cfquery for a min. It has become best practice to use cfqueryparam to stop sql injection, but there is times when you don't need it either.
And as discussed on another mailing list about this issue, I made the point that if the query is inside a cfunction where the conditions where either inside the function or passed through as arguments, then a cfqueryparam is certainly not needed. But people still do it because it is best practice. *"Locking shared scope variables within ColdFusion templates is an often overlooked process that has severe consequences when best practices are not followed. This document will explain why the process of locking shared scope variables is important and the corresponding best practices. Developers should be advised that these practices should not be considered optional under any circumstances. Most cases of ColdFusion site instability can be traced back to inproper use or complete lack of locking. A few extra lines of code and an understanding of the underlying concepts of locking can go a long way towards ensuring robust Web applications with maximum availability and performance. * * What Are Shared Scope Variables? Session scope variables, application scope variables, and server scope variables are shared scope variables. They are so named because they are stored in a part of memory that is shared by all of the threads used by ColdFusion Server to run requests. The physical pieces of memory that are used to store these variables can be accessed by any of the threads within the server. Variables are "accessed" when reading their values or writing values to them. Why Does Shared Scope Variable Access Need to Be Locked? Because ColdFusion Server uses multiple threads (multithreading), it is able to simultaneously work on requests from multiple users at the same time. It is also able to work on multiple requests from the same user at the same time. This can happen with a Web site that utilizes frames, when a user clicks the reload button on there browser before the initial request has completed, or when a user has multiple browser windows open.**"* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| ColdFusion MX7 by AdobeĀ® Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:275238 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
