> > I don't know that I'd make that a blanket recommendation. If 
> > you use CFQUERYPARAM to make a prepared statement, you can't 
> > use CACHEDWITHIN/CACHEDAFTER with your CFQUERY tags. You'll 
> > want to determine which is more appropriate in a given case.
> >
> > In any case, you'll get better performance using stored
> > procedures with SQL Server than you will with CFQUERYPARAM; 
> > Oracle, on the other hand, gets more out of prepared statements 
> > and less out of SPs than SQL Server does.
> 
> True, but using CFQueryParam is a lot more secure than using 
> just Val()

How so? If your concern is that the value passed may not be numeric, both
will do the same thing. The only difference is that CFQUERYPARAM may also
improve database processing performance.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
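
The two approaches compared in this thread, side by side, as an added example that is not part of the original messages. The datasource `myDSN`, the `articles` table and its columns are hypothetical, and the input strings are constructed samples standing in for a URL parameter.

```cfml
<!--- Assumed datasource name; replace with one defined in the CF Administrator --->
<cfset dsn = "myDSN">

<!--- Constructed sample inputs standing in for URL.id --->
<cfloop list="42|42 OR 1=1|abc" delimiters="|" index="raw">

  <!--- Val(): returns the leading numeric part of the string, or 0 if there
        is none, so the SQL text only ever receives a number. The query is
        still built by string substitution, so CACHEDWITHIN remains usable. --->
  <cfquery name="qVal" datasource="#dsn#"
           cachedwithin="#CreateTimeSpan(0, 0, 10, 0)#">
    SELECT id, title
    FROM   articles
    WHERE  id = #Val(raw)#
  </cfquery>

  <!--- CFQUERYPARAM: the value is sent as a bound parameter of a prepared
        statement. With CF_SQL_INTEGER, a value that is not a valid integer
        raises an exception before the query reaches the database. --->
  <cfset paramResult = "">
  <cftry>
    <cfquery name="qParam" datasource="#dsn#">
      SELECT id, title
      FROM   articles
      WHERE  id = <cfqueryparam value="#raw#" cfsqltype="CF_SQL_INTEGER">
    </cfquery>
    <cfset paramResult = "#qParam.RecordCount# row(s)">
    <cfcatch type="any">
      <cfset paramResult = "rejected: #cfcatch.message#">
    </cfcatch>
  </cftry>

  <cfoutput>
    input="#HTMLEditFormat(raw)#"
    Val() queried id=#Val(raw)# (#qVal.RecordCount# row(s));
    CFQUERYPARAM: #HTMLEditFormat(paramResult)#<br>
  </cfoutput>
</cfloop>
```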
