Adrian,

Thanks - I was wondering if I was EVER going to get a dissenting opinion!
;-)

I should clarify my previous statements by referring to "production level
code".  I too use SELECT * when I'm doing test or development, and then, if
that script is ever going to make it into production, I go back and then
specify only the columns I need.  

As for changing the SQL slightly, you are correct, that will force it to
work again; however, if you are dealing with a production control system and
you can't just 'tweak' the code without going through some sort of change
control process, then it will drive you NUTS (which it probably does
anyway).  The idea is that to avoid the error completely, avoid the SELECT
*, and then you won't even have to touch the code at all.

In our environment, when we are ready to implement a change that requires DB
changes, often we put the db changes in before the code goes in (sometimes
even a day or more in advance), as long as they are DB changes that won't
break existing code, like 'adding columns', for example.  In our case, what
happened was that we dropped a column that hadn't been in use for a while,
and everything broke because of the SELECT * and cfqueryparam.  Cfqueryparam
was initially blamed, but that wasn't the real problem, of course.

In any case, I made the 'generalized' statement on purpose hoping someone
would give me a reason to believe otherwise, and, as far as production level
code is concerned, I'm still not convinced. :)

Dave

-----Original Message-----
From: Adrian Lynch [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 8:34 AM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...

Dear Dave Phillips, you have made a generalisation and I have a dissenting
opinion ;O)

I use SELECT * for quick and dirty scripts, always have done, always will
do.

Another way around the error is to change your SQL slightly. Throw in a line
break and a different execution plan is used.

No it's not ideal, but it works if you come across this problem.

Adrian

-----Original Message-----
From: Experienced CF Developer [mailto:[EMAIL PROTECTED]
Sent: 21 July 2008 22:32
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head...


And for those of you who take this advice and DO use cfqueryparam
***always*** make sure you NEVER use SELECT * (which you shouldn't do
anyway).

I inherited an application that had a ton of SELECT * all over it and no
cfqueryparam tags.  Over the years I added cfqueryparam tags as I worked on
the application, adding new features, and updated old ones/fixing bugs.
Then I ran into a situation.  If I didn't update the SELECT * to include
actual column names, and one of the column names got dropped from the table
I was referencing in my SELECT query with a cfqueryparam, then BAM, the
application would break.

Two hard and fast rules to live by:

1.  Use cfqueryparam - ALWAYS
2.  Use SELECT * - NEVER

I'm sure someone will now provide some comment as when generalizations are
usually made, someone has a dissenting opinion (to which, of course, you are
fully entitled!) :)

Sincerely,

Dave Phillips
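
A check for the two rules in the message above, as an added example that is not part of the original thread: a Python script that scans CFML source for `<cfquery>` blocks, flags SELECT * (and separately the SELECT * plus cfqueryparam combination that is reported here to break when a column is dropped), and flags variables interpolated outside a cfqueryparam tag. The sample CFML, its query, table and column names, and the finding labels are all constructed for illustration.

```python
import re

# Constructed sample CFML; query, table, column and variable names are hypothetical.
SAMPLE_CFML = '''
<cfquery name="getUser" datasource="appdsn">
  SELECT * FROM users
  WHERE user_id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfquery name="getOrders" datasource="appdsn">
  SELECT order_id, total FROM orders
  WHERE user_id = #url.id#
</cfquery>
<cfquery name="getItems" datasource="appdsn">
  SELECT item_id, sku FROM items
  WHERE order_id = <cfqueryparam value="#form.order#" cfsqltype="cf_sql_integer">
</cfquery>
'''

CFQUERY = re.compile(r'<cfquery\b([^>]*)>(.*?)</cfquery>', re.I | re.S)
NAME = re.compile(r'\bname\s*=\s*"([^"]*)"', re.I)
PARAM_TAG = re.compile(r'<cfqueryparam\b[^>]*>', re.I)
# Matches "SELECT *", "SELECT DISTINCT *" and "SELECT t.*", but not COUNT(*).
SELECT_STAR = re.compile(r'\bselect\s+(?:distinct\s+)?(?:\w+\.)?\*', re.I)
HASH_VAR = re.compile(r'#[^#\s]+#')

def audit(source):
    """Return {query name: [findings]} for each <cfquery> that breaks a rule."""
    report = {}
    for attrs, body in CFQUERY.findall(source):
        m = NAME.search(attrs)
        name = m.group(1) if m else "(unnamed)"
        findings = []
        has_param = bool(PARAM_TAG.search(body))
        # Replace cfqueryparam tags so the #vars# inside them are not counted as raw SQL.
        raw_sql = PARAM_TAG.sub("?", body)
        if SELECT_STAR.search(raw_sql):
            findings.append("select-star")
            if has_param:
                # The combination described in the thread as breaking on a dropped column.
                findings.append("select-star+cfqueryparam")
        if HASH_VAR.search(raw_sql):
            findings.append("unparameterized-variable")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CFML).items():
        print(name, findings)
```

The regex for SELECT * only inspects the start of the column list, so a query such as `SELECT a, b.*` is not flagged.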




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309587