If there is a performance benefit using cfqueryparam, it will still be of benefit in this case. Also, regardless of the performance, security is still an issue (SQL injections) and so I would say that continuing to use cfqueryparam is your best option and practice.
Regards, Dominic On 23/10/2007, Ben Mueller <[EMAIL PROTECTED]> wrote: > > Hi all, > > I've become a convert to cfqueryparam after posting a question about it to > this group several months back. Since then, I've started wondering about > the benefits of it if there are <cfif> statements in a <cfquery> block. For > example: > > <cfquery name="myname" datasource="myDB"> > > SELECT email > FROM user u > WHERE country = <cfqueryparam cfsqltype="cf_sql_varchar" > value=#somecountry#> > <cfif len(somestate)> > AND state = <cfqueryparam cfsqltype="cf_sql_varchar" value=#somestate#> > </cfif> > </cfquery> > > Does the presence of the <cfif> statement inside the cfquery block negate > all the performance benefits I would have otherwise gained from using > <cfqueryparam>? If so, I would guess this is a common issue people run > into. Is there a best practice for handling this kind of situation? > > Thanks in advance, > Ben Mueller > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291891 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
