As many others have said, there is never a reason NOT to use
cfqueryparam.

You can still use your trick and cfqueryparam doesn't have to bomb:

<cfqueryparam cfsqltype="cf_sql_integer" value="#val(url.userid)#"> 

M!ke

-----Original Message-----
From: Ben Mueller [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 10, 2007 12:01 PM
To: CF-Talk
Subject: Is cfqueryparam worth it?

I'm trying to determine if cfqueryparam is really worth using.  

For data validation, we tend to do something like this:

SELECT username
FROM user
where userID = #int(URL.userID)#

The nice thing about this is that if "URL.userID" isn't an integer,
int() returns 0, and the query executes and simply returns no records.
For us, this is a far preferable method than what cfqueryparam would do,
which is to bomb before executing the query.

Then today I discovered that cfqueryparam supports bind variables, which
theoretically will improve database performance.  So now the question
is:  how much does it improve performance?  Am I really going to notice
it?  Should I really switch my queries over to something like this:

SELECT username
FROM user
where userID = <cfqueryparam CFSQLType="CF_SQL_INTEGER"
value=#int(URL.user_id)#>

Any advice is appreciated.

Thanks,
Ben 
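
Added example, not part of the original thread or either poster's code: the val() coercion and the bound parameter combined in one template. It also clamps values outside the 32-bit range that cf_sql_integer accepts, so oversized input returns no rows instead of raising an error. The datasource name "appDSN" and the variable name "safeUserId" are assumptions; the table and column names are the ones used in the thread.

```cfml
<!--- Added example. "appDSN" and "safeUserId" are hypothetical names. --->
<cfparam name="url.userid" default="">

<!--- val() returns 0 when the string cannot be converted to a number;
      int() drops any fractional part, so "12.7" becomes 12. --->
<cfset safeUserId = int(val(url.userid))>

<!--- val() accepts numbers larger than a 32-bit integer. Clamp those to 0
      so cfqueryparam's type check never fails and the query simply
      returns no records, which is the behaviour asked for in the thread. --->
<cfif safeUserId gt 2147483647 or safeUserId lt -2147483648>
    <cfset safeUserId = 0>
</cfif>

<cfquery name="getUser" datasource="appDSN">
    SELECT username
    FROM user
    WHERE userID = <cfqueryparam cfsqltype="cf_sql_integer" value="#safeUserId#">
</cfquery>

<cfif getUser.recordCount eq 0>
    <cfoutput>No matching user.</cfoutput>
<cfelse>
    <!--- Encode on output; the bound parameter protects the query, not the page. --->
    <cfoutput>#encodeForHTML(getUser.username)#</cfoutput>
</cfif>
```

Because the value reaches the database as a bind variable, the SQL text is identical for every request and the driver never parses user input as SQL.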


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285965