Wow, calm down there partner! I clearly stated in my post that I could be wrong about this, and I invited people to correct me if I am wrong.
As far as "Dave is of course correct as usual". Dave has been known to be wrong before. Feel free to dismantle your Dave Watts shrine. ;)

I KNOW for a fact that I read an article a couple of years ago that explained things the way I explained them earlier. I learned that using prepared statements causes CF to send a compiled (yes, compiled) chunk of code to SQL Server, lightening the DB's load. Also, I learned that leaving pieces of your "search" (the right side of Where/And) out of the bind would cause the whole thing to be sent as plain SQL instead of compiled. That is NOT to say that the security benefits would break down, just the performance.

AGAIN, I will say that I could be wrong here. But I will defend myself and say that whoever wrote that article a couple of years ago was wrong...not me.

On Fri, Sep 24, 2010 at 8:17 AM, Russ Michaels <[email protected]> wrote:
>
> It is a complex topic for many, and Dave is of course correct as usual.
> It would be wise to do a bit of research on the topic before giving out
> incorrect advice and also for yourself to make sure you understand the
> process correctly to aid in your own query design.
> There is a lot of info regarding this on Microsoft's SQL Server MSDN and
> TechNet pages.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337520

