> I used to despise them to, but then I realised something > pretty cool about > these tags, they work out the datatype of the columns for > you, so generating > truly dynamic queries where you don't know what datatype each > column will be > is posisble.
One thing I've always wondered is do you have protection against sql-injection attacks when you use cfinsert/cfupdate? When you use cfquery with a regular insert/update statement, you need to use cfqueryparam to make sure people don't destroy your database. But does cfinsert/cfupdate do that stuff automatically? Sounds like a question for a tinkerer like Ben Nadel. :) "EMF <idahopower.com>" made the following annotations. ------------------------------------------------------------------------------ This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ============================================================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262306 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
