Dear Dave Phillips, you have made a generalisation and I have a dissenting opinion ;O)
I use SELECT * for quick and dirty scripts, always have done, always will do. Another way around the error is to change your SQL slightly. Throw in a line break and a different execution plan is used. No it's not ideal, but it works if you come across this problem. Adrian -----Original Message----- From: Experienced CF Developer [mailto:[EMAIL PROTECTED] Sent: 21 July 2008 22:32 To: CF-Talk Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... And for those of you who take this advice and DO use cfqueryparam ***always*** make sure you NEVER use SELECT * (which you shouldn't do anyway). I inherited an application that had a ton of SELECT * all over it and no cfqueryparam tags. Over the years I added cfqueryparam tags as I worked on the application, adding new features, and updated old ones/fixing bugs. Then I ran into a situation. If I didn't update the SELECT * to include actual column names, and one of the column names got dropped from the table I was referencing in my SELECT query with a cfqueryparam, then BAM, the application would break. Two hard and fast rules to live by: 1. Use cfqueryparam - ALWAYS 2. Use SELECT * - NEVER I'm sure someone will now provide some comment as when generalizations are usually made, someone has a dissenting opinion (to which, of course, you are fully entitled!) :) Sincerely, Dave Phillips ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309581 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
