And finally, do you really want a user to be able to add any random CF expression into the DB to be executed? Combine this with something like a URL variable or form post and the results could make SQL injection look like a minor inconvenience.
Replacing placeholders is much safer.

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/

2008/10/11 Aaron Rouse <[EMAIL PROTECTED]>
> Yeah but you have to be careful with how much you use those functions in an
> application. I know at least on our CF6 server here for one project that
> extensively uses those it does in fact eat up a good bit of resources when a
> normal user load is on it.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313774
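The placeholder approach recommended above, as an added example that is not part of the original post: a small CFML function that fills `[[name]]` tokens in stored text from a fixed struct of values and never evaluates that text as an expression. The function name, the token syntax and the sample data are assumptions made for illustration.

```cfml
<cfscript>
// Added example (hypothetical helper): render DB-stored text by substituting
// [[name]] tokens. The stored text is handled as data only; nothing in it is
// ever passed to the CFML expression evaluator.
function renderTemplate(template, values) {
    var out = "";
    var pos = 1;
    var m = "";
    var key = "";
    while (true) {
        // Find the next token: [[ + letters/digits/underscore + ]]
        m = reFind("\[\[([A-Za-z0-9_]+)\]\]", template, pos, true);
        if (m.pos[1] EQ 0) break;
        // Copy the literal text that precedes the token.
        out = out & mid(template, pos, m.pos[1] - pos);
        key = mid(template, m.pos[2], m.len[2]);
        if (structKeyExists(values, key)) {
            // Known placeholder: insert its value, HTML-encoded for output.
            out = out & htmlEditFormat(values[key]);
        } else {
            // Unknown placeholder: keep it as visible text.
            out = out & htmlEditFormat(mid(template, m.pos[1], m.len[1]));
        }
        // Continue after the token, so inserted values are never re-scanned.
        pos = m.pos[1] + m.len[1];
    }
    // Append the text after the last token. Literal template text passes
    // through unchanged, so it still needs the usual output-encoding review.
    return out & mid(template, pos, len(template) - pos + 1);
}

// Constructed sample data. "##" is the source-code escape for a literal "#",
// so the stored text contains the characters #now()# as a user might save them.
tpl = "Dear [[firstName]], order [[orderId]] shipped. ##now()## [[unknown]]";
vals = structNew();
vals.firstName = "Ann";
vals.orderId = "<b>1001</b>";

// The pound-sign expression and the unknown token come out as inert text,
// and the markup in orderId is encoded rather than rendered.
writeOutput(renderTemplate(tpl, vals));
</cfscript>
```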

