> I think most code examples that you see are simplified for readability and
> to not clutter up the example.
>
> We use cfqueryparams and stored procedures. As a rule, we also put val()
> around every numeric value (such as ID) that is passed in from the outside
> (URL, Form, Attributes).
>
> We try to design our apps so that we query on an ID rather than a string,
> which makes it easier to control the values that come in from the outside.
> Of course this isn't always possible, and the queryparam and SP help. You
> might also consider using a #left(varName, fieldLength)# on string values as
> you send them through the queryparam or SP.

Or the maxlength property of the queryparam tag or procparam tag will truncate
the variable length also.

s. isaac dealey 972-490-6624
new epoch http://www.turnkey.to
lead architect, tapestry cms http://products.turnkey.to
tapestry api is opensource http://www.turnkey.to/tapi
certified advanced coldfusion 5 developer
http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
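The practices discussed in this thread (val() on numeric IDs, cfqueryparam and cfprocparam binding, and an explicit length bound on strings) put together in one page, as an added illustration that is not code from either poster. The datasource name "appDS", the "users" table with an integer "id" and a varchar(50) "username", and the stored procedure "usp_GetUserByName" are assumed names for the example.

```cfml
<!--- Added example, not from the thread. Assumes a datasource "appDS", a table
      "users" (integer id, varchar(50) username) and a stored procedure
      "usp_GetUserByName" taking one varchar(50) parameter. --->

<!--- For contrast only: the raw request value spliced into the SQL text.
      This is the pattern the thread is steering away from. --->
<!---
<cfquery name="getUser" datasource="appDS">
    SELECT id, username FROM users WHERE id = #url.id#
</cfquery>
--->

<!--- 1. Numeric ID from the URL. val() keeps only the leading numeric portion and
        returns 0 for non-numeric input; int() drops any fraction. The value is
        then bound as a typed parameter instead of being placed in the SQL string. --->
<cfparam name="url.id" default="0">
<cfset safeId = int(val(url.id))>
<cfif safeId lte 0>
    <!--- 0 is val()'s answer for garbage, so treat it as "no such record"
          rather than silently querying for ID 0. --->
    <cfset safeId = -1>
</cfif>
<cfquery name="getUser" datasource="appDS">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#safeId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- 2. String from a form. Truncate explicitly to the column width so the bound
        does not depend on how a given CF version enforces maxlength, then bind
        as varchar with maxlength as the second bound. --->
<cfparam name="form.username" default="">
<cfset safeName = trim(form.username)>
<cfif len(safeName) gt 50>
    <cfset safeName = left(safeName, 50)>
</cfif>
<cfquery name="findUser" datasource="appDS">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#safeName#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<!--- 3. The same string through a stored procedure: cfprocparam binds it typed
        and length-bounded, so the procedure never sees it as SQL text. --->
<cfstoredproc procedure="usp_GetUserByName" datasource="appDS">
    <cfprocparam type="in" cfsqltype="cf_sql_varchar"
                 value="#safeName#" maxlength="50">
    <cfprocresult name="findUserSP">
</cfstoredproc>
```

The two things worth keeping in mind when reviewing code like this: val() converts bad input into a valid-looking 0 rather than rejecting it, so decide explicitly what 0 means for each lookup; and a length bound is a guard against oversized input, not a substitute for binding, so the parameter tags stay even where left() is already applied.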
