> And what about the security factor? I've always been under
> the assumption that if your CF only had access to run SPs
> you were safer from SQL injection.

Well, technically, if you are consistent in your use of CFQUERYPARAM, it will have the same effect. However, one common approach in security is to limit what is possible. With regard to database access, stored procedures allow you to do a better job of this, by limiting what can go wrong in your application code. Of course, if both the application code and the stored procedures are written by the same (diligent) programmer, that might not have any net effect, but in many cases that might not be true. That's one reason why I favor stored procedures.

> I didn't know there were so many proponents for inline SQL.
> I've just always figured MSSQL was better able to run some
> pre-compiled execution plan in the case of an SP, over ad-hoc
> SQL queries.

Actually, most databases can perform just as well using a prepared statement created using CFQUERYPARAM as with a stored procedure. The execution plans in either case can be stored and reused.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
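The two defenses discussed in this message, as an added example that is not part of the original post: a bound parameter (what CFQUERYPARAM produces) next to a connection that is limited in what it can touch. It uses Python's sqlite3 so it runs offline; the table names, the sample input and the authorizer callback standing in for a restricted database login are all assumptions made for the illustration.

```python
import sqlite3

# Constructed input for the demo: SQL text supplied where an id was expected.
INJECTED = "0 UNION SELECT name, secret FROM users"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price TEXT);
        CREATE TABLE users (name TEXT, secret TEXT);
        INSERT INTO products VALUES (1, 'widget', '9.99');
        INSERT INTO users VALUES ('admin', 's3cret');
    """)
    return db

def lookup_concatenated(db, product_id):
    # Inline SQL without a bound parameter: the value becomes statement text.
    sql = "SELECT name, price FROM products WHERE id = " + product_id
    return db.execute(sql).fetchall()

def lookup_bound(db, product_id):
    # Bound parameter: the value is passed as data and never parsed as SQL.
    sql = "SELECT name, price FROM products WHERE id = ?"
    return db.execute(sql, (product_id,)).fetchall()

def restrict_to_products(db):
    # Stand-in (assumption) for a login whose grants cover one narrow
    # operation: only SELECT statements that read the products table.
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "products":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    db.set_authorizer(authorizer)

def run_demo():
    db = make_db()
    result = {
        "concat_leak": lookup_concatenated(db, INJECTED),  # reads users
        "bound": lookup_bound(db, INJECTED),               # no rows match
    }
    restrict_to_products(db)
    try:
        lookup_concatenated(db, INJECTED)
        result["restricted_blocked"] = False
    except sqlite3.DatabaseError:
        result["restricted_blocked"] = True   # the limit held, code bug or not
    result["restricted_normal"] = lookup_concatenated(db, "1")
    return result
```

The restricted connection still runs the concatenated query for a normal id, which is the point made above: the limit catches the case where the application code was not written consistently.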