That's fair enough from a security stand point, but I still use cfqueryparam with MS SQL for performance reason.
When your database executes a SQL statement, it generates an execution plan that best fits that statement and it caches that plan in memory for later use (so it doesn't have to be generated again which is costly). The cached execution plan will ONLY be used for other queries that are the EXACT same. Keep in mind also that your database server has a limit to how many plans it will cache. If you output an order number directly into the query and then view different 100,000 orders, your SQL server will try and cache 100,000 different plans. Select order_id From orders Where order_id = 1 Select order_id From orders Where order_id = 2 Select order_id From orders Where order_id = 3 Select order_id From orders Where order_id = 4 etc... Needless to say, that is a waste of resources, and it won't keep that many plans anyway. Chances are, other useful plans will get pushed out of memory to make room. However, if all your inputs are parameterized, then all those SQL statements are now IDENTICAL and share the same plan: Select order_id From orders Where order_id = (param) This single plan can be reused for all 100,000 orders which means other queries won't have their plans purged out of memory. There is a valid discussion about the use of non-optimal plan, but as a general rule, I wouldn't let that stop you from the best practice. ~Brad ----- Original Message ----- From: "Claude Schneegans" <[EMAIL PROTECTED]> > > Ok, then lets say that CFQP should alway be used with MySQl... > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309632 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
