Just use it all the time, then it's never an issue.

Plus it does more than just protect against SQL injection.

Adrian

-----Original Message-----
From: Hunsaker, Michael Scott [mailto:[EMAIL PROTECTED]
Sent: 30 September 2008 21:21
To: cf-talk
Subject: cfqueryparam within a cfc


Hello -

We are consistently using the CFQUERYPARAM tag in our code but not within
our CFCs. Here's a quick example:

<cfcomponent>
  <cffunction name="function">
    <cfargument name="field_value" type="numeric" required="yes">

    <cfquery name="get">
      SELECT * FROM TABLE WHERE field = <cfqueryparam value="#field_value#" cfsqltype="cf_sql_integer">
    </cfquery>
  </cffunction>
</cfcomponent>

Is this over-kill or good practice?

Thanks!

Mike
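
An added example, not part of the original thread or either poster's code: a CFC method in which `cfargument` typing covers only the numeric argument, while every value, including a list and a free-text string, is still bound with `cfqueryparam`. The method, table, column and datasource names (`findOrders`, `orders`, `exampleDSN`) are hypothetical.

```cfml
<!--- Added example; findOrders, orders and exampleDSN are hypothetical names --->
<cfcomponent output="false">
  <cffunction name="findOrders" access="public" returntype="query" output="false">
    <!--- type="numeric" rejects non-numeric input before the query runs --->
    <cfargument name="customer_id" type="numeric" required="yes">
    <!--- type="string" accepts anything, so the type check gives no protection here --->
    <cfargument name="status_list" type="string" required="no" default="">
    <cfargument name="note" type="string" required="no" default="">

    <!--- keep the query result local to this call --->
    <cfset var get = "">

    <cfquery name="get" datasource="exampleDSN">
      SELECT order_id, status, note
      FROM orders
      WHERE customer_id = <cfqueryparam value="#arguments.customer_id#" cfsqltype="cf_sql_integer">
      <cfif len(arguments.status_list)>
        <!--- list="true" binds each comma-separated item as its own parameter --->
        AND status IN (<cfqueryparam value="#arguments.status_list#" cfsqltype="cf_sql_varchar" list="true">)
      </cfif>
      <cfif len(arguments.note)>
        <!--- maxlength is checked by ColdFusion before the value reaches the database --->
        AND note = <cfqueryparam value="#arguments.note#" cfsqltype="cf_sql_varchar" maxlength="200">
      </cfif>
    </cfquery>

    <cfreturn get>
  </cffunction>
</cfcomponent>
```

Because the values are sent as bind parameters, the SQL text is the same for every call with the same set of optional arguments, whatever the argument values are.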

