portal entry

select a category, or use search below
(searches all categories and all time range)

The Hidden Power Of CFQUERYPARAM!

| View in Portal
December 24, 2018 05:28:17 PM GMT
<p>Everyone knows that you should be using CFQUERYPARAM.  It offers many benefits in the areas of security, data validation, and enhanced performance for your applications.  In fact, Adobe recommends that you use the CFQUERYPARAM tag within every CFQUERY, and I completely agree with this recommendation.  I think you would be very hard pressed to find a valid reason NOT to use it. Many of us know the benefit of CFQUERYPARAM from the application side, though we may not always be aware […]</p>
<p>The post <a rel="nofollow" href="https://coldfusion.adobe.com/2018/12/the-hidden-power-of-cfqueryparam/">The Hidden Power Of CFQUERYPARAM!</a> appeared first on <a rel="nofollow" href="https://coldfusion.adobe.com">ColdFusion</a>.</p>
Labels: Blog, CFML Tag/Function, cfquery, blog, cfml tag/function, cfqueryparam, cfsummit, ColdFusion, SQL


You got to this one before I did. I like it a lot. A good follow up would be the QueryExecute version on this. I believe, but I might be wrong, that that passing parameters as an array, does some auto-parameterization.
Comment by James Mohler
1526 | January 03, 2019 05:03:36 PM GMT
How does this affect hard coded variables that aren’t variables?  For example:<blockquote>SELECT firstName, lastName FROM People WHERE (Deleted = 0) AND (personID = <cfqueryparam cfsqltype=”integer” value=”#local.personID#”>)</blockquote> Should the “0” in this instance be in a cfqueryparam?
Comment by David Byers
1527 | January 08, 2019 09:34:57 PM GMT
Here is my best guess. It helps, but not a lot. I am imagining that Deleted. If you are only looking for deleted=0 then there is only going to be one query plan. Using <cfqueryparam>, you still have only one query plan.  
Comment by James Mohler
1532 | January 10, 2019 06:33:29 PM GMT
Hi Adobe, If you see my comment here, can you please document the fact that "cf_sql_" isn't needed (ex: cfsqltype="cf_sql_integer" can be shortened to cfsqltype="integer")? And can you please document which version removed that requirement? Was it CF11? Thanks!, -Aaron
Comment by Aaron Neff
1533 | January 11, 2019 07:08:01 AM GMT
What Statement  do you use to query the execution_count?
Comment by Bernhard Döbler
1942 | March 25, 2019 09:56:10 AM GMT