> What is the difference of doing this:
> 
> <cfif getClient.saveAsUnicode eq 1>N</cfif>'#address#',
> 
> over this:
> 
> <cfqueryparam value="#address#" cfsqltype="cf_sql_varchar">

They're not comparable at all. The CFQUERYPARAM tag builds a prepared
statement and uses a bind parameter for your value.

> Is there a performance gain?

Generally, prepared statements execute faster than plain ol' passthrough
SQL. Of course, there are always exceptions.

> How does CF handle this differently?
> Does cfqueryparam behave the same in 5,6 and 7?
> Does SQL do anything differently?
> 
> Any general points would also be grateful.
> 
> I am just trying to understand the differences better - I 
> know everyone goes around saying you must use cfqueryparam 
> because it's better, security etc etc. So I am just trying to 
> validate this a bit.

http://www.macromedia.com/devnet/coldfusion/articles/cfqueryparam.html

There isn't really anything that's changed significantly with CFQUERYPARAM
across versions.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
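
Added example (not part of the original message, and not ColdFusion code): the distinction described in the reply, a value pasted into the SQL text versus a value sent as a bind parameter, modelled with Python's sqlite3. The table name, helper names and sample addresses are constructed for illustration, and the sketch does not reproduce cfquery's own handling of variables.

```python
import sqlite3

# Constructed sample input; one value contains an apostrophe.
SAMPLE_ADDRESSES = ["12 Main St", "7 O'Hare Way", "99 Elm Rd"]

# Bind-parameter form: the SQL text is constant, so the database can
# prepare it once and reuse it; values travel separately from the text.
BOUND_SQL = "INSERT INTO clients (address) VALUES (?)"


def interpolated_sql(address):
    """Passthrough form: the value becomes part of the SQL text that is parsed.
    (The optional N prefix from the question is left out of this sketch.)"""
    return f"INSERT INTO clients (address) VALUES ('{address}')"


def run_demo(addresses):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (address TEXT)")
    report = {"distinct_interpolated": set(), "interpolated_errors": []}

    # Passthrough: every value yields a different statement, and a value
    # containing a quote changes how the statement itself is parsed.
    for addr in addresses:
        sql = interpolated_sql(addr)
        report["distinct_interpolated"].add(sql)
        try:
            conn.execute(sql)
        except sqlite3.Error:
            report["interpolated_errors"].append(addr)

    # Bound: one statement text for all values; each value is stored verbatim.
    conn.execute("DELETE FROM clients")
    for addr in addresses:
        conn.execute(BOUND_SQL, (addr,))
    rows = conn.execute("SELECT address FROM clients ORDER BY rowid")
    report["stored_bound"] = [row[0] for row in rows]
    conn.close()
    return report


if __name__ == "__main__":
    result = run_demo(SAMPLE_ADDRESSES)
    print("distinct passthrough statements:", len(result["distinct_interpolated"]))
    print("passthrough failures:", result["interpolated_errors"])
    print("stored via bind parameter:", result["stored_bound"])
```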
