> The list="yes" parameter of CFQUERYPARAM will properly wrap the single quotes
> around each list element.

That's not quite right. What it will do is create a parameter for
every element in the list and map it to the database type you supply.
Even with character data, no single quotes are used when using
cfqueryparam. Indeed, it may be important to know that you are sending
a different kind of request to the db when you use cfqueryparam, i.e.

SELECT foo
FROM bar
WHERE foo IN (<cfqueryparam cfsqltype="cf_sql_varchar" value="Hello mum,Hello world,I love chocolate" list="true" />)

...gets translated by ColdFusion, which then sends something like the
following to the database server:

SQL Statement: SELECT foo FROM bar WHERE foo IN (?,?,?)
SQL Parameters:
* param 1 (varchar) = 'Hello mum'
* param 2 (varchar) = 'Hello world'
* param 3 (varchar) = 'I love chocolate'

Without using cfqueryparam, you would send the following to the db:

SQL Statement: SELECT foo FROM bar WHERE foo IN ('Hello mum','Hello world','I love chocolate').

Further, better and useful quick reading:
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
HTH
Dominic
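
Added example (not part of Dominic's message and not ColdFusion's own code): the same list expansion reproduced in Python with sqlite3, showing one `?` placeholder and one bound value per list element, next to the quoted-literal form. Assumptions: SQLite stands in for the database server, and the helper names and the rows in `bar` are constructed for illustration.

```python
import sqlite3


def expand_list_param(value, delimiter=","):
    """Split a delimited list into one '?' placeholder and one bound value per element."""
    params = value.split(delimiter)
    placeholders = ",".join("?" for _ in params)
    return placeholders, params


def make_db():
    # Constructed sample rows for the bar(foo) table used in the message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bar (foo TEXT)")
    db.executemany(
        "INSERT INTO bar (foo) VALUES (?)",
        [("Hello mum",), ("Hello world",), ("Mum's cake",), ("Other",)],
    )
    return db


def query_with_params(db, value):
    # Parameterised form: the SQL text only ever contains placeholders;
    # the values travel separately and are never parsed as SQL.
    placeholders, params = expand_list_param(value)
    sql = f"SELECT foo FROM bar WHERE foo IN ({placeholders}) ORDER BY foo"
    return sql, [row[0] for row in db.execute(sql, params)]


def query_with_literals(db, value):
    # Non-parameterised form: each element is wrapped in single quotes and
    # pasted into the SQL text, so a quote inside a value changes the statement.
    quoted = ",".join("'" + v + "'" for v in value.split(","))
    sql = f"SELECT foo FROM bar WHERE foo IN ({quoted}) ORDER BY foo"
    try:
        return sql, [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return sql, exc  # the database rejects the malformed statement


if __name__ == "__main__":
    db = make_db()
    value = "Hello mum,Mum's cake"  # constructed input containing a single quote
    print(query_with_params(db, value))
    print(query_with_literals(db, value))
```

With the bound form the element containing an apostrophe matches its row as plain data; with the literal form the same input no longer parses as the intended statement.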
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314446