@ Alan-
Perhaps I misunderstood Bryan's question/comment, but you (and therefore
probably others) definitely misunderstood mine.
This is what I have *not* ever seen...
SELECT
<cfqueryparam value="foo" />
FROM
table
;
That is the 'SELECT FROM' that I was referring to. I was ***not***
referring to the WHERE clause of a select statement.
<cfqueryparam /> should absolutely always be used for user-provided data,
and one can make the argument that it should be used regardless.
My apologies for the confusion in my post.
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:338572
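
Added example, not part of the original post: a bind parameter carries a value, never an identifier, which is why `<cfqueryparam>` appears in the WHERE clause and not in the SELECT list. The datasource `appDSN`, the table `users`, the inputs `url.id` and `url.field`, and the allow-list of columns are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "users",
      request inputs url.id and url.field. --->
<cfparam name="url.id" default="0">
<cfparam name="url.field" default="name">

<!--- Values: bind with cfqueryparam. The value travels separately from the
      SQL text, so it is never parsed as SQL. A non-integer url.id is
      rejected by the cfsqltype check before the query runs. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, name, email
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Identifiers: a column name cannot be bound. A cfqueryparam placed in
      the SELECT list is treated by the database as a constant value, not as
      a column. If the caller must choose the column, map the input through
      a fixed allow-list and use the list's own spelling in the SQL. --->
<cfset allowedFields = "name,email">
<cfset pos = listFindNoCase(allowedFields, url.field)>
<cfif pos EQ 0>
    <cfthrow type="InvalidField" message="Unsupported field requested.">
</cfif>
<cfset safeField = listGetAt(allowedFields, pos)>

<cfquery name="qField" datasource="appDSN">
    SELECT #safeField#
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
```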