To play Devil's advocate here...you lose a lot of portability & code readability with SP's. I personally only use them when it makes sense (speed or DB-only functionality - DTS comes to mind here) to do so.
On Jan 21, 2008 12:16 PM, Craigsell <[EMAIL PROTECTED]> wrote:

> And to further emphasize that -- I would encourage the use of stored
> procedures whenever possible. I've been using Oracle stored procedures with
> CF for years with great success. You get all the benefits of the CFQUERYPARAM
> and you let the database do what it does best -- process data.
>
> Warren Koch
>
> ----- Original Message -----
> From: "Dave Watts" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[email protected]>
> Sent: Monday, January 21, 2008 12:09 PM
> Subject: RE: writing insert query sql in coldfusion
>
> >> > out of interest what is the difference in using the
> >> > cfqueryparam and not?
> >>
> >> Well, the biggest reason is that it provides significant
> >> protection against SQL injection attacks. It basically does
> >> in-line data validation.
> >
> > Ben (and everyone else who's posted) is right that you should use this. It's
> > worth pointing out, though, that Ben has listed two different things above,
> > and those things are separate. CFQUERYPARAM separates data values from
> > executable SQL code, and that's how it prevents SQL injection attacks. This
> > isn't "significant protection", it's complete protection. By separating data
> > values from executable code, you are clearly telling the database that data
> > values cannot be executed, so it doesn't matter whether they contain SQL
> > commands - they simply won't be executed.
> >
> > Almost as a side effect, you get data validation before you send your data
> > to the database.
> >
> > Dave Watts, CTO, Fig Leaf Software
> > http://www.figleaf.com/
> >
> > Fig Leaf Software provides the highest caliber vendor-authorized
> > instruction at our training centers in Washington DC, Atlanta,
> > Chicago, Baltimore, Northern Virginia, or on-site at your location.
> > Visit http://training.figleaf.com/ for more information!
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:296988
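
The separation of data values from SQL text discussed in this thread, as an added example that is not part of the original messages: the same INSERT written three alternative ways (interpolated, with CFQUERYPARAM, and as a stored procedure call). The datasource `appDSN`, the table `members`, the procedure `add_member` and the form field names are assumptions made for illustration.

```cfml
<!--- Added example. appDSN, members, add_member and the form fields are assumed names.
      The three blocks are alternative forms of one insert; an application uses one. --->

<!--- Weak form: the values become part of the SQL text. ColdFusion escapes single
      quotes inside the quoted string, but the unquoted numeric field is handed to
      the database as SQL, so whatever arrives in form.age is parsed as code. --->
<cfquery datasource="appDSN">
    INSERT INTO members (name, age)
    VALUES ('#form.name#', #form.age#)
</cfquery>

<!--- Corrected form: each value travels as a bind parameter, apart from the SQL
      text, so the database never parses it as a command. --->
<cftry>
    <cfquery datasource="appDSN">
        INSERT INTO members (name, age)
        VALUES (
            <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="50">,
            <cfqueryparam value="#form.age#" cfsqltype="cf_sql_integer">
        )
    </cfquery>
    <cfcatch type="any">
        <!--- Reached when a value fails the cfsqltype or maxlength check (the
              validation side effect), or when the insert itself fails. --->
        <cflog file="application" type="warning"
               text="Member insert rejected: #cfcatch.message#">
        <cfset insertFailed = true>
    </cfcatch>
</cftry>

<!--- Stored procedure form: cfprocparam binds values the same way. --->
<cfstoredproc procedure="add_member" datasource="appDSN">
    <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#form.name#" maxlength="50">
    <cfprocparam type="in" cfsqltype="cf_sql_integer" value="#form.age#">
</cfstoredproc>
```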

