Dave,

Let me wholeheartedly agree with you... CFQUERY is one of the number one reasons to use CF - you can copy and paste from your favorite query tool and you don't have to fool with string concatenation. About 40 to 60 percent of what we do is working with, maintaining and modifying queries. Doing it the way described below ... I might as well use ASP :)

-Mark

-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Friday, August 25, 2006 12:08 PM
To: CF-Talk
Subject: RE: coldfusion sql injection

> My example using PrepareStatements.
>
> This makes a "sql injection attack" a thing of the past and
> it's also faster.

While you might have perfectly valid reasons for doing this, it is what CFQUERYPARAM does for you, if you're using CFQUERY. If I wanted to write all my database connection stuff in Java, why would I even bother to use CF at all?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:251048
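
The CFQUERYPARAM point made in the quoted reply, shown as an added example that is not code from this thread or from either poster. The datasource `appDSN`, the `orders` table and its columns, and the `url.customerId` and `url.statusIds` inputs are assumptions made for illustration.

```cfml
<!--- Added example. Assumed names: datasource "appDSN", table "orders",
      request inputs url.customerId and url.statusIds (comma-separated). --->

<!--- Weak form: the request value is interpolated into the SQL text, so the
      database parses whatever the client sent as part of the statement.
      An unquoted numeric position like this gets no protection from the
      single-quote escaping CFQUERY applies to interpolated variables. --->
<cfquery name="qOrdersUnsafe" datasource="appDSN">
    SELECT order_id, customer_id, status_id, total
    FROM orders
    WHERE customer_id = #url.customerId#
</cfquery>

<!--- Hardened form: each CFQUERYPARAM becomes a bind parameter of a prepared
      statement. The SQL text sent to the driver contains only placeholders;
      the values travel separately and are never parsed as SQL. --->
<cfquery name="qOrders" datasource="appDSN">
    SELECT order_id, customer_id, status_id, total
    FROM orders
    WHERE customer_id =
          <!--- cfsqltype makes ColdFusion validate the value first: a
                non-integer raises an error before the database is contacted --->
          <cfqueryparam value="#url.customerId#" cfsqltype="cf_sql_integer">
      AND status_id IN (
          <!--- list="true" expands the comma-separated value into one bind
                parameter per element, each validated as an integer --->
          <cfqueryparam value="#url.statusIds#" cfsqltype="cf_sql_integer" list="true">
      )
</cfquery>

<!--- The statement keeps the copy-and-paste shape of the original SQL;
      only the variable positions change. --->
<cfoutput query="qOrders">
    #order_id#: #DollarFormat(total)#<br>
</cfoutput>
```

CFQUERYPARAM binds values only; table names, column names and ORDER BY directions cannot be bound and need an allow-list check if they ever come from input.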