02.19.07


ColdFusion: Switching To CFQUERYPARAM

By Raymond Camden

I've had a few requests to quickly review how to switch a dynamic query not using cfqueryparam to one that is using cfqueryparam.

I've covered the reasons for using them many times (basically SQL injection and performance). There are also things you lose (like ColdFusion's built-in query caching). With that in mind, here is a basic rule to consider when figuring out if you need cfqueryparam:

If any portion of the WHERE/VALUES/SET clause in a query is dynamic, the cfqueryparam tag should be used.

So here is a simple example:




There are two things to note here. First is the cfsqltype value. This value tells the database what type of data is being passed in. There is a whole list of types that you can use. See the table on the cfQuickDocs cfqueryparam page. In general you will use:

* cf_sql_varchar for simple strings, like my example above.

* cf_sql_integer for simple numbers, like those used in primary keys

Another example of the power of cfqueryparam is lists. Imagine this query:



Lastly - I mentioned above in my "rule" (and since I called it that a few hundred of my readers will find exceptions :) that cfqueryparam should be used in the WHERE clause. You can't use it elsewhere. This query would not be a candidate for cfqueryparam usage.
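The cases discussed above, pulled together as an added example that is not the author's original code: a dynamic query before and after the switch, the list form, and a query whose dynamic part sits outside the WHERE clause. The datasource, table, column and URL parameter names are assumptions, and the dynamic ORDER BY is an assumed instance of the last case.

```cfml
<!--- Added example. Datasource, table, column and URL parameter names are assumptions. --->
<cfparam name="url.id" default="1">
<cfparam name="url.status" default="active">
<cfparam name="url.ids" default="1,5,9">
<cfparam name="url.sort" default="username">

<!--- BEFORE: request values are pasted into the SQL text. url.id is unquoted,
      so anything appended to the number becomes part of the statement. --->
<cfquery name="getUserUnsafe" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE id = #url.id#
    AND status = '#url.status#'
</cfquery>

<!--- AFTER: each value is sent as a typed bind parameter. A non-numeric url.id
      now fails validation instead of reaching the database. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE id = <cfqueryparam cfsqltype="cf_sql_integer" value="#url.id#">
    AND status = <cfqueryparam cfsqltype="cf_sql_varchar" value="#url.status#">
</cfquery>

<!--- LIST: list="true" binds every element of a comma-delimited list separately. --->
<cfquery name="getUsers" datasource="myDSN">
    SELECT id, username, email
    FROM users
    WHERE id IN (<cfqueryparam cfsqltype="cf_sql_integer" value="#url.ids#" list="true">)
</cfquery>

<!--- NOT A CANDIDATE: a column name cannot be a bind parameter, so the dynamic
      ORDER BY value is checked against a fixed allowlist instead. --->
<cfset sortCol = "id">
<cfif listFindNoCase("id,username,email", url.sort)>
    <cfset sortCol = lCase(url.sort)>
</cfif>
<cfquery name="getSorted" datasource="myDSN">
    SELECT id, username, email
    FROM users
    ORDER BY #sortCol#
</cfquery>
```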




About the Author:
Raymond Camden, ray@camdenfamily.com
http://ray.camdenfamily.com

Raymond Camden is Vice President of Technology for roundpeg, Inc. A long time ColdFusion user, Raymond has worked on numerous ColdFusion books and is the creator of many of the most popular ColdFusion community web sites. He is an Adobe Community Expert, user group manager, and the proud father of three little bundles of joy.

About DevWebProCanada
DevWebProCanada is for professional developers ... those who build and manage applications and sophisticated websites. DevWebProCanada delivers via news and expert advice New Strategies In Development.

-- DevWebProCA is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc. All Rights Reserved

