>Not dissing anyone. Just curious. With all the ORMs and code generators out there, why are you not using cfqueryparam?
One reason I can think of is that until recently you could not use it with cached queries. For those of us that have to support older versions of ColdFusion, it's definitely a dilemma in terms of trying to provide the often considerable performance benefit that caching provides while not being able to use cfqp. It's relatively easy to sanitize numeric inputs with a Val() function but strings are a bit harder to deal with...as this has shown.

