>I can't vouch for php, .Net but at least in the Java world ORM reduces that
>risk to nil. And it's built into the ORM, so if the ORM can't work out your
>polymorphic function in the database then how does it do it?

php is like ColdFusion and Java; you can use a plain query string or use
a parameterised statement / prepared statement. If you use the prepared
statement, you are protected from SQL injection (unless your SQL is
running some code on the db that takes your input and runs it as
dynamic SQL, of course ;).

I think the main trouble with cfqueryparam is that it has not been
pushed enough in the documentation and in books. This is why reams of
applications are not using it - the people writing the queries did not
know any different. I would say the same is true of php and prepared
statements, though I do not have enough experience in php to vouch for
that.

ORM is brilliant and hibernate appears to be great news for CF9.
However, I believe that ORM is an application design *choice* and not
something to be forced by the language (therefore hibernate will not
interfere with cfquery, I presume). That said, I think that if CF could
make use of hibernate's data mapping knowledge to rewrite a plain
query to be a parameterised one, that would be great news indeed. I
think that is what Andrew is getting at - if it could be done
efficiently and without configuration or convention that would have to
be welcome.

A question for anyone who knows hibernate then; does it require
configuration per database, rely on convention or does it query the
schema to generate its mappings automatically?

Dominic

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311117
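
Added example (not part of the message above or of the list thread): the plain query string versus prepared statement difference it describes, shown in Python with the standard-library sqlite3 module rather than CFML and cfqueryparam. The table, rows, input strings and function names are constructed for illustration.

```python
import sqlite3

# Constructed inputs: one that carries SQL syntax, one ordinary name with a quote.
CRAFTED = "x' OR '1'='1"
QUOTED_NAME = "o'brien"

def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), (QUOTED_NAME,)])
    return db

def find_plain(db, name):
    """Plain query string: the input becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def find_param(db, name):
    """Parameterised statement: the SQL text is fixed, the input is bound as data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

def run(fn, db, name):
    """Return the matching rows, or the error class name if the statement fails."""
    try:
        return fn(db, name)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for label, value in (("ordinary", "bob"),
                         ("crafted", CRAFTED),
                         ("quoted", QUOTED_NAME)):
        print(label, "plain:", run(find_plain, db, value),
              "| param:", run(find_param, db, value))
```

The crafted input changes the WHERE clause only in the plain version, and the ordinary name containing a quote breaks the plain version while the bound parameter matches it as data.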