Torrent Girl wrote:
> Wrap even the ones that are required? What is the reason for this?
>
> I have CFPARAM for those that aren't required.

CFPARAM and CFQUERYPARAM aren't equivalent functions.
cfparam will ensure that if a variable doesn't exist, it is created and set to whatever you set the default to be. If you do not specify the default attribute in cfparam, CF will throw an error if the variable doesn't exist, e.g.

<cfparam name="myvar">

This is useful for ensuring that a variable already exists before getting to cfparam.

cfqueryparam is used within a cfquery tag to ensure that the values that are being passed to the database are the data types specified in the sqltype attribute of the tag. cfqueryparam will make sure that the data is passed to the database in the correct format. It will also help to protect your database from SQL injection attacks. SQL injection is where a piece of valid SQL is passed via a form field or URL variable, which, when not protected against, will be executed against your database.

cfqueryparam will also make some types of database request more efficient (mostly SELECT statements, I believe).

Regards
Stephen
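The two tags described in the reply above, used together on one request. This is an added example, not part of the original message; the datasource name appDSN, the users table and the url.userId / url.status fields are assumptions.

```cfml
<!--- Added example. "appDSN", the "users" table and the url.* field names
      are assumptions made for illustration. --->

<!--- Required value: no default attribute, so CF throws here if it is missing. --->
<cfparam name="url.userId">
<!--- Optional value: created with the default when the caller omits it. --->
<cfparam name="url.status" default="active">

<!--- Unprotected form, shown commented out for contrast only: the raw URL text
      becomes part of the SQL statement itself.
<cfquery name="getUser" datasource="appDSN">
    SELECT id, name FROM users WHERE id = #url.userId#
</cfquery>
--->

<cftry>
    <!--- Protected form: each value is bound as a typed parameter, so it is
          handled as data and never parsed as SQL. This applies to required
          values just as much as to optional ones. --->
    <cfquery name="getUser" datasource="appDSN">
        SELECT id, name, status
        FROM users
        WHERE id = <cfqueryparam value="#url.userId#" cfsqltype="cf_sql_integer">
          AND status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar" maxlength="20">
    </cfquery>
    <cfoutput>#getUser.recordCount# row(s) found</cfoutput>

    <cfcatch type="any">
        <!--- Reached when a value does not fit its cfsqltype (for example
              non-numeric text for cf_sql_integer) or exceeds maxlength.
              type="any" also catches other database errors; narrow it and
              log the details in real code. --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfoutput>Invalid request parameter.</cfoutput>
    </cfcatch>
</cftry>
```

cfparam only guarantees that url.userId exists; the cfqueryparam binding is what keeps its content from being executed as SQL.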
