RE: CFLOOP inside a CFQuery

Tue, 09 Jun 2009 18:11:59 -0700 

Ryan,

You'll note that I said "almost" always and I never said "never use it".
There are times that I have had no choice but to use evaluate, but the
scenarios involved were far more complex and generally involve dynamic cfc
function calls. It's up to you whether you use it or not, but why make your
(coding) life harder than it needs to be? I find the alternative far easier
to write, read and maintain than the evaluate alternative.

Cheers,
Gabriel R

-----Original Message-----
From: Ryan Letulle [mailto:[email protected]] 
Sent: Wednesday, 10 June 2009 11:04 AM
To: cf-talk
Subject: Re: CFLOOP inside a CFQuery


Interesting I've never seen any noticeable hit using evaluate but I have
heard it should be avoided. (chose to ignore)  I'll look into your
suggestion though.  I guess the question why even make evaluate available
comes to mind if you should never use it?
--
Ryan LeTulle


On Tue, Jun 9, 2009 at 7:58 PM, Gabriel <[email protected]> wrote:

>
> You don't need evaluate for dynamically created form variables, in 
> almost all cases the struct syntax #form['type'&idx]# will suffice and 
> is more efficient. For this particular scenario, evaluate is an 
> unnecessary overhead and should be avoided.
>
> <cfquery datasource="#request.datasource#">
>        <cfloop from="1" to="#rows#" index="idx">
>                INSERT INTO tbl_ballotOrder (
>                        type,
>                        number,
>                        issue
>                ) VALUES (
>                        <cfqueryparam value="#form['type'&idx]#"
> cfsqltype="cf_sql_varchar" />,
>                        <cfqueryparam value="#form['number'&idx]#"
> cfsqltype="cf_sql_integer" />,
>                        <cfqueryparam value="#form['issue'&idx]#"
> cfsqltype="cf_sql_varchar" />
>                )
>        </cfloop>
>
> </cfquery>
>
> May I also point out the use of CFQUERYPARAM. It's basic principles; 
> unless you've got a damn fine reason not to, always use cfqueryparam. 
> Protect yourself from SQL injection attacks, make your life easier.
>
> No offence intended, but Will I urge you to ignore the 'evaluate' 
> based advice.
>
> Cheers,
> Gabriel
>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323305
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Reply via email to