>>I too was concerned about your solution being put forward in a security context...because it's not.
Yes it is. It serves two purposes: 1. check if the value is correct, and 2 detect an attack if ithe value is not correct. But if the value is not correct (a positive integer), the query is not even executed, now THAT'S security! Using CFQUERYPARAM would do only part 1. Now I could also check for a potential attack AFTER the query thrown an error. Sure. I find more efficient NOT TO run the query at all, and easier to write than using <CFTRY... <CFCATCH for every query. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309426 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4