A lot depends on what level of access you have to the database. I have full control over all of mine so it never impacted me. I find I can really up the data validation, type checking, and speed by taking advantage of the Oracle or SQL Server proc capability.
I find my CF code is cleaner since I like to do a lot of data validation -- much easier to do on the back end and I can validate things natively that would take a lot of CF code to do.

Not too sure about portability. I've never had that issue. I can move all my stored procs from one server to another in an instant.

Maybe my preferences stem from the fact that I mostly use CF (via CFCs) as a middle tier between Flex and the database and to handle files. I suspect you all are much more into the nuances than I!

----- Original Message -----
From: "Crow T. Robot" <[EMAIL PROTECTED]>
To: "CF-Talk" <[email protected]>
Sent: Monday, January 21, 2008 12:26 PM
Subject: Re: writing insert query sql in coldfusion

> To play Devil's advocate here...you lose a lot of portability & code
> readability with SP's. I personally only use them when it makes sense
> (speed or DB-only functionality - DTS comes to mind here) to do so.
>
> On Jan 21, 2008 12:16 PM, Craigsell <[EMAIL PROTECTED]> wrote:
>
>> And to further emphasize that -- I would encourage the use of stored
>> procedures whenever possible. I've been using Oracle stored procedures with
>> CF for years with great success. You get all the benefits of the CFQUERYPARAM
>> and you let the database do what it does best -- process data.
>>
>> Warren Koch
>>
>> ----- Original Message -----
>> From: "Dave Watts" <[EMAIL PROTECTED]>
>> To: "CF-Talk" <[email protected]>
>> Sent: Monday, January 21, 2008 12:09 PM
>> Subject: RE: writing insert query sql in coldfusion
>>
>> >> > out of interest what is the difference in using the
>> >> > cfqueryparam and not?
>> >>
>> >> Well, the biggest reason is that it provides significant
>> >> protection against SQL injection attacks. It basically does
>> >> in-line data validation.
>> >
>> > Ben (and everyone else who's posted) is right that you should use this. It's
>> > worth pointing out, though, that Ben has listed two different things above,
>> > and those things are separate.
>> > CFQUERYPARAM separates data values from
>> > executable SQL code, and that's how it prevents SQL injection attacks. This
>> > isn't "significant protection", it's complete protection. By separating data
>> > values from executable code, you are clearly telling the database that data
>> > values cannot be executed, so it doesn't matter whether they contain SQL
>> > commands - they simply won't be executed.
>> >
>> > Almost as a side effect, you get data validation before you send your data
>> > to the database.
>> >
>> > Dave Watts, CTO, Fig Leaf Software
>> > http://www.figleaf.com/
>> >
>> > Fig Leaf Software provides the highest caliber vendor-authorized
>> > instruction at our training centers in Washington DC, Atlanta,
>> > Chicago, Baltimore, Northern Virginia, or on-site at your location.
>> > Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297004
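
The two approaches discussed in this thread, as an added example that is not part of any poster's message: an insert whose values are bound with CFQUERYPARAM, and the same insert through a stored procedure with CFPROCPARAM, with the unparameterized form shown in a comment for contrast. The datasource `appDSN`, table `users`, procedure `add_user`, the form field names, the length limits and the `useStoredProc` switch are all assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "users",
      procedure "add_user", form fields name / email / age. --->
<cfparam name="form.name"  default="">
<cfparam name="form.email" default="">
<cfparam name="form.age"   default="">
<cfset useStoredProc = false>

<!--- Weak form, kept inside this comment so it never runs: the form values
      become part of the SQL text that the database parses.
<cfquery datasource="appDSN">
    INSERT INTO users (name, email, age)
    VALUES ('#form.name#', '#form.email#', #form.age#)
</cfquery>
--->

<cftry>
    <cfif useStoredProc>
        <!--- Stored procedure: cfprocparam binds and type-checks each argument --->
        <cfstoredproc procedure="add_user" datasource="appDSN">
            <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#form.name#"  maxlength="100">
            <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#form.email#" maxlength="255">
            <cfprocparam type="in" cfsqltype="cf_sql_integer" value="#form.age#"
                         null="#NOT len(trim(form.age))#">
        </cfstoredproc>
    <cfelse>
        <!--- Inline SQL: each value is sent as a bind parameter, never as SQL text --->
        <cfquery datasource="appDSN">
            INSERT INTO users (name, email, age)
            VALUES (
                <cfqueryparam value="#form.name#"  cfsqltype="cf_sql_varchar" maxlength="100">,
                <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar" maxlength="255">,
                <cfqueryparam value="#form.age#"   cfsqltype="cf_sql_integer"
                              null="#NOT len(trim(form.age))#">
            )
        </cfquery>
    </cfif>
    <cfoutput>Row inserted.</cfoutput>
    <cfcatch type="any">
        <!--- Type or length violations raised by cfqueryparam / cfprocparam
              land here, as do errors returned by the database itself --->
        <cfoutput>Insert failed: #htmlEditFormat(cfcatch.message)#</cfoutput>
    </cfcatch>
</cftry>
```

Submitting a non-numeric `age` exercises the validation path: the tag raises an error for the `cf_sql_integer` parameter and the `cfcatch` branch runs instead of the insert.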

