Mike,

Thanks for the response. But the question is this: what benefits will I get from saying this:

<cfqueryparam cfsqltype="cf_sql_integer" value="#val(url.userid)#">

over just this:

#val(url.userid)#

Am I going to see a significant performance increase? For the sake of argument, pretend that sample query I included in my first post is heavily hit. I'm running SQL Server 2000 (soon to upgrade to 2005).

>As many others have said, there is never a reason NOT to use
>cfqueryparam.
>
>You can still use your trick and cfqueryparam doesn't have to bomb:
>
><cfqueryparam cfsqltype="cf_sql_integer" value="#val(url.userid)#">
>
>M!ke
>
>I'm trying to determine if cfqueryparam is really worth using.
>
>For data validation, we tend to do something like this:
>
>SELECT username
>FROM user
>where userID = #int(URL.userID)#
>
>the nice thing about this is that if "URL.userID" isn't an integer,
>int() returns 0, and the query executes and simply returns no records.
>For us, this is a far preferable method than what cfqueryparam would do,
>which is to bomb before executing the query.
>
>Then today I discovered that cfqueryparam supports bind variables, which
>theoretically will improve database performance. So now the question
>is: how much does it improve performance? Am I really going to notice
>it? Should I really switch my queries over to something like this:
>
>SELECT username
>FROM user
>where userID = <cfqueryparam CFSQLType="CF_SQL_INTEGER"
>value=#int(URL.user_id)#>
>
>Any advice is appreciated.
>
>Thanks,
>Ben

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285966

