So you know that it *always* prevents SQL injection in a standard query (select, update or delete). That's a good enough reason to always use it for me.
On Thu, Jul 24, 2008 at 10:58 PM, Claude Schneegans <[EMAIL PROTECTED]> wrote:
> >>Do you fully understand what cfqueryparam does when binding text
> parameters into the query?
>
> Yes, fully.
> I've designed CFX_ODBCinfo, and some other tools, and I'm pretty aware
> of the way ODBC or JDBC drivers work.
> This is precisely why I can say when it is useful and when it is not.

--
mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309614

