what
if you want to join across 3 tables, do a sub select, or even a union or
something?
--------Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Gary Menzel
Sent: Wednesday, August 17, 2005 11:59 AM
To: CFAussie Mailing List
Subject: [cfaussie] Re: CFQuery StyleThe issue you may have with this is that by doing it that way you cannot use <cfqueryparam> and hence you may have problems with SQL Injection statements (where someone can hijack pages/queries with what they enter into form fields - unless you have strong filtering and validation on the form fields).Regards,Gary
On 8/17/05, Chad Renando <[EMAIL PROTECTED]> wrote:Personally, I keep CF out of my SQL as much as possible, which means
putting SQL in my CF variables. Often times, my queries look
something like:
SELECT #MySelectStatement#
FROM #MyFromStatement##MyJoinStatement#
#MyWhereStatement#
#MyGroupStatement#
#MyOrderStatement#
But then I'm abstracting to the nth degree.
Chad
who is cold and turning his thermostat to the nth degree
On 8/17/05, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote:
> Who cares? The sql server doesnt ... but really it comes back to the KISS
> prinicple. The easier someone can read your code the better it is. The
> greatest cost of any development is the maintenance. You ever look at your
> own code from three years ago and go 'What the ...'. Im very much in
> favour of the CF identation method.
>
> my 2c
>
> > Hi All
> >
> > Just wondering what everyones opinion is about formatting SQL code
> > withing CFQuery ? Do you think its important to preserve the indentation
> > of the SQL or is it more important to see the flow of the CF code inside
> > the tag ?
> >
> > Im way more in favour of preserving cold fusion indentation. I just
> > think its more important to follow the logic of the code, especially
> > when the query gets complex and there are more <CFIF calls in there.
> >
> > Pat
> >
> >
> > eg. SQL indentation is Preseved
> >
> > <cfquery .....>
> > SELECT *
> > FROM table t
> > WHERE 0=0 <cfif isDefined("form.keyword") >
> > AND title like '%#title#%'</cfif><cfif listLen( form.categoryIds) >
> > AND category_id IN (#form.categoryIDs#)</cfif>
> > </cfquery>
> >
> > OR 2 cold fusion indentation is preserved
> >
> > <cfquery .....>
> > SELECT *
> > FROM table t
> > WHERE 0=0
> > <cfif isDefined("form.keyword") >
> > AND title like '%#title#%'
> > </cfif>
> >
> > <cfif listLen(form.categoryIds) >
> > AND category_id IN (#form.categoryIDs#)
> > </cfif>
> > </cfquery>
> >
> > ---
> > You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> > To unsubscribe send a blank email to
> > [EMAIL PROTECTED]
> > Aussie Macromedia Developers: http://lists.daemon.com.au/
> >
>
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
> Aussie Macromedia Developers: http://lists.daemon.com.au/
>
---
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/
--- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED] Aussie Macromedia Developers: http://lists.daemon.com.au/
