Gaulin, Mark wrote:
> 
> If you want to stick to defining cfqueryparam that way then I might as well 
> request a new tag, cfqueryparmthatdoesntusebinding, that does everything that 
> I want it to do without doing parameter binding.

> I completely concede that it would be difficult to guarantee perfect security 
> the way that a bound parameter would.

Do you have any idea how difficult?


We have 3 options in JDBC, Statement, PreparedStatement and 
CallableStatement. They currently map exactly to cfquery, cfqueryparam 
and cfstoredproc. So what you are proposing will in the end boil down 
to one of the following options:
1. Something new is defined in the JDBC standard. Good luck writing a JSR.
2. Adobe implements something themselves. That will have to be database 
specific because string delimiters and escape sequences are database 
specific. (The only one that isn't is the single quote so that is why 
cfquery already escapes them.) So the full burden of figuring out how 
every version of every database works falls on Adobe's shoulders, and 
you can forget about ever using third party drivers.


> My essential point is that it would be better for everyone if all code could 
> be written with cfqueryparam and the benefits of query binding could be 
> enjoyed in every case except those few times where it gets in the way, even 
> if that meant not having 100% perfect security during those few moments when 
> it was disabled.  That does not seem like an unreasonable point of view to 
> me. 

IMHO you are approaching this totally wrong. If your database sucks at 
displaying bind variables in a trace, complain to your database vendor. 
It is their problem (and next time some other application uses bind 
variables you need decent profiling anyway). If you consider the error 
reports of CF exceptions incomplete, tell Adobe you want better error 
reports.

Jochem
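
An added example, not part of the original post: a small model of why the escaping in option 2 has to be database specific. It assumes two simplified string-literal dialects, one where only a doubled quote is an escape and one that also treats backslash as an escape character; the function names and sample values are constructed for illustration.

```python
# Added illustration: simplified models of two SQL string-literal dialects.
# Function names and sample values are constructed for this example.

def escape_quotes(value: str) -> str:
    """Dialect-neutral escaping: double every single quote
    (the escaping the post says cfquery already applies)."""
    return value.replace("'", "''")


def read_literal(sql: str, start: int, backslash_escapes: bool):
    """Scan one quoted literal beginning at sql[start].

    Returns (decoded_value, index_after_closing_quote), or
    (None, len(sql)) if the literal never terminates.
    """
    assert sql[start] == "'"
    out, i = [], start + 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])      # backslash makes the next char literal
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")             # doubled quote decodes to one quote
            i += 2
        elif ch == "'":
            return "".join(out), i + 1  # closing delimiter
        else:
            out.append(ch)
            i += 1
    return None, len(sql)


def check(value: str, backslash_escapes: bool) -> str:
    """Classify what the modelled lexer does with the quote-escaped value."""
    sql = "SELECT * FROM t WHERE name = '" + escape_quotes(value) + "'"
    decoded, end = read_literal(sql, sql.index("'"), backslash_escapes)
    if decoded is None:
        return "unterminated"
    if end != len(sql):
        return "ends early"   # remainder of the value is parsed as SQL text
    return "ok" if decoded == value else "altered"


if __name__ == "__main__":
    for v in ["O'Brien", "C:\\temp\\", "it\\'s"]:   # constructed sample values
        print(repr(v), check(v, False), check(v, True))
```

The same quote-doubled text is a well-formed literal under one dialect and a broken one under the other, which is the gap a bound parameter closes by never passing the value through the SQL lexer at all.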

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285794