>Try not to think about queryparam as a performance benefit so much. The
>performance increase isn't really anything that massive, think about it from
>a security perspective.
>
>Without cfqueryparam people will add, edit and remove content from your
>database, gain access to secure sections of your site, steal important
>information from you, names, address, credit card information and so on.
>
>queryparam really is important... _really_ important ... I can't stress that
>enough.
>
>Why is it that you find it annoying? Because of the extra few moments it
>takes to code? It really is worth that extra few seconds to wrap up all your
>dynamic parameters, once you get into the habit you won't even think twice
>about it.

I get the fact that it's important to prevent SQL injection attacks, etc etc. While I certainly see the value of that, I must admit that I'm not sold on cfqueryparam for that reason alone. Our web application tends to check incoming data before it even gets to a SQL statement. So, while I have started using cfqp everywhere, I probably wouldn't use it for security alone. Hate me if you must. (-;

I am also interested in the performance benefit, and what would annoy me is if the presence of a <cfif> statement inside a <cfquery> block negated any performance benefit gained from cfqp. There are a few cases on our site where adding cfqp seems to have made a non-trivial difference in performance, and I would hate to think that in all other places I use it, I may be doing more harm than good in terms of performance.

(I'm only slightly annoyed by how verbose the tag is, but not enough to stop using it).

Anyway, thanks all for the replies.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291992
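
The pattern this thread discusses, a `<cfif>` inside a `<cfquery>` that uses `<cfqueryparam>`, shown beside the unparameterized form as an added example that is not part of the original messages. The `orders` table, its columns, `url.customerId`, `url.status` and `application.dsn` are hypothetical names assumed for illustration.

```cfml
<!--- Added example; table, column and variable names are hypothetical. --->

<!--- Before: the value is spliced into the SQL text, so the database parses
      whatever arrives in url.customerId as part of the statement itself. --->
<cfquery name="getOrdersUnsafe" datasource="#application.dsn#">
    SELECT order_id, total
    FROM orders
    WHERE customer_id = #url.customerId#
</cfquery>

<!--- After: each value is sent as a bind parameter, separate from the SQL
      text. cfsqltype makes ColdFusion reject a non-integer customerId before
      the query runs, and maxlength caps the size of the status string. --->
<cfparam name="url.status" default="">
<cfquery name="getOrders" datasource="#application.dsn#">
    SELECT order_id, total
    FROM orders
    WHERE customer_id = <cfqueryparam value="#url.customerId#" cfsqltype="cf_sql_integer">
    <!--- The cfif only selects which of two fixed SQL texts is sent.
          Both contain placeholders, never the request values. --->
    <cfif len(trim(url.status))>
        AND status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar" maxlength="20">
    </cfif>
</cfquery>
```

Validation earlier in the request and binding at the query are independent layers: the bound form stays safe even if a code path reaches the query without passing through the upstream checks.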

