Hi Dave You could look at cfqueryparam as providing lots of features (security, type and length checking, handling of lists, etc) without ever knowing that the implementation was done via parameter binding. Because all of those features could be implemented without parameter binding (do the checking in CF and produce "raw" SQL), I would argue that the binding part is an implementation detail, and one that could be disabled without affecting much of usefulness of cfqueryparam (for security and type checking, etc).
Why would I want to disable binding? That depends on the situation, but SQL profiling (even on/especially on a production system) is really, really useful. Sure, binding may be slightly faster in some cases (and maybe lots faster in others, but I wouldn't be too sure about that), but I would bet that most slow DB queries are due to query/table/index design or the effects of query load, not on the time it takes to compile the query (which is where binding is helpful). In those situations I would prefer to see the "real" SQL, and not the cryptic execution of a precompiled statement. Another angle has to do with the way bad SQL is reported in a CF error: With binding you see the query but not the values inserted into the query. Without binding the error reports exactly what was executed. I have every CF error on my web site emailed to me and sometimes these little details are the only way to track down and fix subtle bugs so they never happen again. You would think that for all the seriousness of the security hacks everyone is talking about that CF would want to make it a complete no-brainer that we should all use cfqueryparam. You may not agree on the value of the things I don't want to go without, but I hope you can see that they are at least potentially real to someone, somewhere, sometime. Being able to flip a switch to "revert" to non-bound parameters would make that possible, so why treat it like a dumb idea? Thanks Mark -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 08, 2007 5:16 PM To: CF-Talk Subject: RE: cfquery: quotes vs queryparam > I wish CF could allow the use of the cfqueryparam tag without all of > the other side-effects (using binding, disabling > caching) so that we really could say *always* use it... Binding is not a side-effect, it is exactly what CFQUERYPARAM does. CFQUERYPARAM creates bound parameters. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! This email has been processed by SmoothZap - www.smoothwall.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:285769 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4