> I will pipe up here, and ask one question though. And the 
> reason I ask this is that it's maybe different for me, but I 
> tend not to use the cfqueryparam in cffunctions that have 
> cfarguments and are typed.
> 
> I find it is not required as the function will throw an error 
> anyway, and the only time that it will not is if the type 
> asked for is a string, and in that case, I would like to know 
> how the cfqueryparam stops that from happening with a SQL 
> injection?

When you use CFQUERYPARAM, you tell the database exactly what is executable
SQL code and what is data, so there's no possibility of confusion on the
database's part.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
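
The string case raised in the question, as an added example that is not part of the original post: the same lookup written with only a typed CFARGUMENT and then with CFQUERYPARAM. The component, the datasource `appDSN`, the `users` table and the 50-character column width are all assumed for illustration.

```cfml
<!--- Added example. "appDSN", "users" and the column width are assumed names/values. --->
<cfcomponent displayname="UserLookup" output="false">

    <!--- Typed argument only. type="string" accepts any text, so the argument
          check rejects nothing. The value is spliced into the SQL text, and the
          database parses statement and value together as one string; safety
          then rests on escaping being correct for every value and every driver. --->
    <cffunction name="findUserInterpolated" access="public" returntype="query" output="false">
        <cfargument name="username" type="string" required="true">
        <cfset var q = "">
        <cfquery name="q" datasource="appDSN">
            SELECT id, username
            FROM users
            WHERE username = '#arguments.username#'
        </cfquery>
        <cfreturn q>
    </cffunction>

    <!--- Same lookup with CFQUERYPARAM. The statement sent to the database is
          "... WHERE username = ?" and the value travels separately as a bound
          parameter of the declared type, so it is only ever treated as data. --->
    <cffunction name="findUserBound" access="public" returntype="query" output="false">
        <cfargument name="username" type="string" required="true">
        <cfset var q = "">
        <cfquery name="q" datasource="appDSN">
            SELECT id, username
            FROM users
            WHERE username = <cfqueryparam
                                 value="#arguments.username#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50">
        </cfquery>
        <cfreturn q>
    </cffunction>

</cfcomponent>
```

With `maxlength` set, an over-long value raises an error in ColdFusion before the query is sent, which gives the string case a check that `type="string"` alone does not.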

