Yep, I agree with Tom, _always_ use it. If you haven't done so already, do some research on 'SQL Injection Attacks' which you are vulnerable to when not using cfqueryparam ... You'll be having nightmares and panic attacks for days, until you wrap all your dynamic SQL in cfqueryparam.
Rob

-----Original Message-----
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
Sent: 24 October 2007 10:39
To: CF-Talk
Subject: Re: cfqueryparam and dynamically-created SQL

On Tuesday 23 Oct 2007, [EMAIL PROTECTED] wrote:
> Does the presence of the <cfif> statement inside the cfquery block negate
> all the performance benefits I would have otherwise gained from using
> <cfqueryparam>?

You have to remember cfqp doesn't just buy you performance, but security and robustness too. Any tiny, tiny, performance hit is unlikely to outweigh that.

> If so, I would guess this is a common issue people run
> into. Is there a best practice for handling this kind of situation?

Use cfqp. Always use cfqp.

--
Tom Chiverton.
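The pattern asked about in this thread, as an added example that is not part of either message: a `<cfif>` inside `<cfquery>` decides which clauses exist, first with input concatenated into the SQL text and then with every value bound through `<cfqueryparam>`. The datasource `appDSN`, the `products` table and the `url.*` fields are assumptions made for illustration.

```cfml
<!--- Added example. "appDSN", "products" and the url.* fields are assumed names. --->
<cfparam name="url.categoryId" default="">
<cfparam name="url.name" default="">
<cfparam name="url.sort" default="name">

<!--- Column names cannot be bound as parameters, so map the
      requested sort onto a fixed set of known-good identifiers. --->
<cfset orderBy = "name">
<cfif url.sort eq "price">
  <cfset orderBy = "price">
</cfif>

<!--- Before: the value is pasted into the SQL text, so whatever
      arrives in url.categoryId becomes part of the statement. --->
<cfquery name="qUnsafe" datasource="appDSN">
  SELECT id, name, price
  FROM products
  WHERE 1 = 1
  <cfif len(trim(url.categoryId))>
    AND category_id = #url.categoryId#
  </cfif>
</cfquery>

<!--- After: cfif still controls which clauses are emitted, but each
      value is sent as a bind parameter. cfsqltype also validates the
      value, so a non-integer categoryId raises an error instead of
      reaching the database. --->
<cfquery name="qSafe" datasource="appDSN">
  SELECT id, name, price
  FROM products
  WHERE 1 = 1
  <cfif len(trim(url.categoryId))>
    AND category_id = <cfqueryparam value="#url.categoryId#"
                                    cfsqltype="cf_sql_integer">
  </cfif>
  <cfif len(trim(url.name))>
    AND name LIKE <cfqueryparam value="%#url.name#%"
                                cfsqltype="cf_sql_varchar"
                                maxlength="102">
  </cfif>
  ORDER BY #orderBy#
</cfquery>
```

Each combination of `<cfif>` branches produces its own SQL string with placeholders, so the conditional changes only which parameterized statement is sent, not whether the values are bound.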

