Yeah, I agree, and I think the fact that you couldn't sanitize your inputs with cfqueryparam is a big reason to not do that.
If it were me, and I had either multiple queries that I wanted to be executed at the same time or I had a custom tag or component that I needed to feed in sql too, I would just use a stored proc and feed in the name. -----Original Message----- From: Scott Brady [mailto:[email protected]] Sent: Tuesday, June 30, 2009 9:52 AM To: cf-talk Subject: Re: SQL Help There's no reason you need a variable to do multiple updates in a single query statement. You can still put the SQL inside the query tags and, as you say, separate the statements with a semi-colon. Scott On Tue, Jun 30, 2009 at 6:55 AM, Stephane Vantroyen<[email protected]> wrote: > > I don't agree with that : sometimes you have to do multiple updates, inserts or else at the same time, depending on your process and some conditions; instead of doing multiple <cfquery> (and thus multiple db connections), it is sometimes cool to be able to put all the statement(s) in a variable. You then can do one cfquery for the all list of statements at once (juste separate the statements with a ";", in the string variable that you create). -- ----------------------------------------- Scott Brady http://www.scottbrady.net/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324071 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
