And for those of you who take this advice and DO use cfqueryparam ***always*** make sure you NEVER use SELECT * (which you shouldn't do anyway).

I inherited an application that had a ton of SELECT * all over it and no cfqueryparam tags. Over the years I added cfqueryparam tags as I worked on the application, adding new features, and updated old ones/fixing bugs. Then I ran into a situation. If I didn't update the SELECT * to include actual column names, and one of the column names got dropped from the table I was referencing in my SELECT query with a cfqueryparam, then BAM, the application would break.

Two hard and fast rules to live by:

1. Use cfqueryparam - ALWAYS
2. Use SELECT * - NEVER

I'm sure someone will now provide some comment as when generalizations are usually made, someone has a dissenting opinion (to which, of course, you are fully entitled!) :)

Sincerely,
Dave Phillips

-----Original Message-----
From: Matt Quackenbush [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 4:21 PM
To: CF-Talk
Subject: Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

Did I really just read that? Please, someone, anyone, tell me that I didn't.

Claude, you're certainly free to do what you wish to do in your own applications, so this comment is not directed to you at all.

For those of you who are actually trying to learn and become better programmers/developers, please, do yourselves, your bosses, your fellow developers, and your clients a HUGE favor and completely ignore the advice of anyone that tells you not to use cfqueryparam. If you have read this thread, or any thread like it and you're not using it, you deserve what you get.

Bottom line: ***always*** use cfqueryparam. Period. There are no acceptable "exceptions to the rule".

On Mon, Jul 21, 2008 at 3:54 PM, Claude Schneegans wrote:

> CFQUERYPARAM is a nice and powerful feature, but it makes SQL code more
> difficult to read,
> so the best is to use it only when it is really necessary.
> For me, using CFQUERYPARAM systematically for every parameter is as stupid
> as never using it at all.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309411
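
The two rules discussed in this thread (bind every value with cfqueryparam, name the columns instead of using SELECT *), shown as an added before/after example that is not code from any of the posters. The datasource appDSN, the users table and its column names are assumptions made for illustration.

```cfm
<!--- Constructed example: "appDSN", "users" and the column names are assumptions. --->
<cfparam name="url.id" default="0">

<!--- Before: the request value becomes part of the SQL text, and the column
      set is whatever the table happens to contain when the query runs. --->
<cfquery name="qUserUnsafe" datasource="appDSN">
    SELECT *
    FROM users
    WHERE user_id = #url.id#
</cfquery>

<!--- After: every value is bound with a declared type, and the columns the
      page depends on are listed explicitly. --->
<cftry>
    <cfquery name="qUser" datasource="appDSN">
        SELECT user_id, user_name, email
        FROM users
        WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
          AND status  = <cfqueryparam value="active" cfsqltype="cf_sql_varchar" maxlength="20">
    </cfquery>

    <cfcatch type="any">
        <!--- A value that is not a valid integer fails cfqueryparam's type
              check here, before any SQL is sent; a genuine database error
              lands here too. Log the detail and return a generic response. --->
        <cflog file="queryErrors" type="warning"
               text="Rejected request for user lookup: #cfcatch.message#">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>

<!--- List values are bound the same way with list="true". --->
<cfset idList = "1,2,3">
<cfquery name="qUsers" datasource="appDSN">
    SELECT user_id, user_name, email
    FROM users
    WHERE user_id IN (<cfqueryparam value="#idList#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>
```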