From a couple of emails back, I still get the strange error from time to time:

"Error Executing Database Query. [Macromedia][SQLServer JDBC Driver][SQLServer]Could not find prepared statement with handle [X]".

Gets to a stage where it happens on a certain query, regardless of what is being passed; server has to be restarted to resolve the problem.

From memory (when I used to make websites with Allaire Spectra), a lot of the slowness in some queries could be alleviated by removing unnecessary cfqueryparams (e.g. inserting data generated by server code). I remember it changed from about 30 seconds to do an update down to less than a second, mainly because of the large number of parameters being passed and the amount of queries actually occurring. Of course back then I didn't know a lot about things so it could have just been a problem with the database or whatever.. Who knows.

It would be good to resolve the above problem as, if it is unresolvable and pops up in other areas, I'll have to add that function to the rest of the cfqueryparams, numbering in the thousands throughout the application (this will not be nice), but is there any other choice? There's no information out there, so I'm a little stuck with this at the moment.

Joel

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] Behalf Of Mark Mandel
Sent: Thursday, 8 June 2006 10:16 AM
To: [email protected]
Subject: [cfaussie] Re: SQL Injection in CF

What issues have you hit with cfqueryparam, Joel?

I've also been using it since 4.5, and have never really hit a wall with it. I'm curious to know what your problems have been?

Regards,

Mark

On 6/8/06, Joel Cass <[EMAIL PROTECTED]> wrote:
>
> Because there have been some issues with the cfqueryparam tag (I've had a
> love-hate relationship with this tag since CF 4.5), I've made the following
> function - does it seem safe? I can't crack it anyway
>
> Also, it seems that PreserveSingleQuotes() isn't required around values to be
> put into the database, e.g. myStrField = #dbValue(myStrField,"varchar")#, in
> fact I had some errors for some values (e.g. date) when using the
> PreserveSingleQuotes function.. I noticed the change a while ago. Will it be
> a permanent thing that the PreserveSingleQuotes() function is not required
> around function results?
>

--
E: [EMAIL PROTECTED]
W: www.compoundtheory.com
ICQ: 3094740
