Hi Terry,

Using <CFQUERYPARAM> and missing off the CFSQLTYPE means that CF doesn't do any validation and the database just uses it as a normal bind parameter. This allows the db server to cache the execution plan for the query, which will speed up the query executions under load.

Adam.

> -----Original Message-----
> From: Terry Riley [mailto:[EMAIL PROTECTED]
> Sent: 11 November 2003 13:30
> To: [EMAIL PROTECTED]
> Subject: [ cf-dev ] Use of <cfqueryparam>
>
> I've seen a lot of code lately where the query (either extracting,
> inserting or updating information) uses the
>
> <cfqueryparam value="#xxx#">
>
> in the WHERE clause, without qualifying the parameter with a cfsqltype.
>
> I can understand the use of the cfqueryparam with a cfsqltype and other
> attributes as one way of preventing cross-site scripting (adding
> additional text to the string to do something evil), but see no point in
> using
>
> 'WHERE ID = <cfqueryparam value="#url.ID#">'
>
> as opposed to
>
> 'WHERE ID = "#url.ID#"'
>
> Is there one? Is it faster? Manuals and googles don't seem to come up with
> an answer.....
>
> Cheers
> Terry
>
> --
> ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For human help, e-mail: [EMAIL PROTECTED]
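
Added example, not part of the original thread: a Python/SQLite stand-in for the three forms discussed above (value pasted into the SQL text, value bound with no type check as with cfqueryparam and no cfsqltype, and value bound after an integer check as a cfsqltype would do). The table, column and function names are assumptions for illustration, and the data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample table; names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db

def lookup_interpolated(db, raw_id):
    # Like WHERE ID = #url.ID#: the request value becomes part of the SQL text,
    # so the database parses it as SQL and sees a new statement for every value.
    sql = "SELECT name FROM items WHERE id = " + raw_id + " ORDER BY id"
    return sql, db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Like <cfqueryparam value="#url.ID#"> with no cfsqltype: the SQL text is
    # constant and the value travels separately as data, with no validation.
    sql = "SELECT name FROM items WHERE id = ? ORDER BY id"
    return sql, db.execute(sql, (raw_id,)).fetchall()

def lookup_bound_typed(db, raw_id):
    # Like adding cfsqltype="cf_sql_integer": a non-integer value is rejected
    # (ValueError here) before the database is asked anything.
    sql = "SELECT name FROM items WHERE id = ? ORDER BY id"
    return sql, db.execute(sql, (int(raw_id),)).fetchall()

def distinct_statements(lookup, db, raw_ids):
    # Number of different SQL texts the database would have to parse and plan.
    return len({lookup(db, raw)[0] for raw in raw_ids})

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed request value
    print("interpolated:", lookup_interpolated(db, hostile)[1])
    print("bound, untyped:", lookup_bound(db, hostile)[1])
    for fn in (lookup_interpolated, lookup_bound):
        print(fn.__name__, "statements:", distinct_statements(fn, db, ["1", "2", "3"]))
```
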
