> There are reasons not to use it. They come with perils. If the data
> being sent to the query does not come from the outside then the only
> risk to SQL injection comes from the developers working on the query,
> and they have other ways to cause havoc without having to write SQL
> injection attacks.

True enough....but then you need to use one of those stripped down queries where the public could mess with things....why not just use it and forget about it?? ;-)

>
> When you use cfqueryparam the statement that gets compiled uses
> sp_prepexec. This causes MSSql server to generate the query execution
> plan for the query before actually executing the query. This can
> actually end up causing the server to run the query 2x. If you have a
> very long running query for a report for example that queries millions
> of records of data against millions of other records of data etc. and
> takes several minutes or hours to execute you do not want that to happen
> 2x every call. In theory when sp_prepexec generates the execution plan
> that is cached and not needed to be created again however on high volume
> / traffic sql servers it is not possible to cache every execution plan
> forever. Often long running queries that are executed rarely fall out of
> the execution plan cache. This can create a huge performance problem for
> a sql server.

Well that's a pretty specific situation...and one that should be a stored proc IMHO

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
phone: 250.480.0642
fax: 250.480.1264
cell: 250.920.8830
e-mail: [EMAIL PROTECTED]
web: www.electricedgesystems.com

