I've seen a lot of code lately where the query (either extracting, inserting or updating information) uses the
<cfqueryparam value="#xxx#"> in the WHERE clause, without qualifying the parameter with a cfsqltype. I can understand the use of the cfqueryparam with a cfsqltype and other attributes as one way of preventing cross-site scripting (adding additional text to the string to do something evil), but see no point in using 'WHERE ID = <cfqueryparam value="#url.ID#">' as opposed to 'WHERE ID = "#url.ID#"' Is there one? Is it faster? Manuals and googles don't seem to come up with an answer..... Cheers Terry -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
