EXEC()ing a string won't produce the same execution plan as the base SQL
(<---<< a guess) and you lose cfqueryparam and cfprocparam's biggest
benefit, protecting against injection.

Adrian

-----Original Message-----
From: Aaron Rouse
Sent: 30 October 2008 19:52
To: cf-talk
Subject: Re: cfqueryparam vs cfstoredproc?


I do you feel it would defeat the point?

On Thu, Oct 30, 2008 at 2:19 PM, Adrian Lynch
<[EMAIL PROTECTED]> wrote:

> Exactly, which kinda defeats the point I feel.
>
> I've got a few ways that I might try but for now I'm back to writing SPs.
>
> If anyone's interested, I have the full DAO code here:
>
> http://adrianlynch.co.uk/post.cfm?postID=21
>
> Adrian
> Building a database of ColdFusion errors at http://cferror.org/
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> Sent: 30 October 2008 18:28
> To: cf-talk
> Subject: RE: cfqueryparam vs cfstoredproc?
>
>
> exec()
> or sp_executesql
>
> You would need to pass in the arguments as a list to the procedure and
> then do the looping and building of a dynamic query with SQL.  Then
> execute what you have created.
>
> Good luck.  Dynamic SQL isn't nearly as easy in SQL as in CF.  Also, you
> will have to take additional steps to parameterize it.  (requires
> sp_executesql)
>
> FYI: My advice assumes MS SQL.
>
> ~Brad
>
> -------- Original Message --------
> Subject: RE: cfqueryparam vs cfstoredproc?
> From: "Adrian Lynch" <[EMAIL PROTECTED]>
> Date: Thu, October 30, 2008 1:06 pm
> To: cf-talk <cf-talk@houseoffusion.com>
>
> An open question then...
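
The difference between exec() and sp_executesql raised in this thread, as an added T-SQL example that is not code from any of the posters. It assumes MS SQL Server 2008 or later; the #Users table, its columns and the filter variables are constructed for illustration.

```sql
-- Constructed sample data; the table, columns and values are assumptions.
CREATE TABLE #Users (UserID int PRIMARY KEY, LastName nvarchar(50), IsActive bit);
INSERT INTO #Users (UserID, LastName, IsActive)
VALUES (1, N'Lynch', 1), (2, N'Rouse', 1), (3, N'Wood', 0);

-- Caller-supplied filters. @lastName carries quotes to show the difference.
DECLARE @lastName   nvarchar(50) = N'x'' OR ''1''=''1';
DECLARE @activeOnly bit = 1;
DECLARE @sql        nvarchar(max);

-- Weak form: the value is concatenated into the statement text, so the
-- quote inside @lastName closes the literal and the rest is parsed as SQL.
SET @sql = N'SELECT UserID, LastName FROM #Users WHERE LastName = N'''
         + @lastName + N'''';
EXEC (@sql);   -- the WHERE clause is always true: all three rows come back

-- Hardened form: only fixed fragments are concatenated. Values travel as
-- typed parameters and are never parsed as SQL.
SET @sql = N'SELECT UserID, LastName FROM #Users WHERE 1 = 1';
IF @lastName IS NOT NULL
    SET @sql = @sql + N' AND LastName = @pLastName';
IF @activeOnly = 1
    SET @sql = @sql + N' AND IsActive = @pActive';

-- Declared parameters that the statement does not reference are allowed,
-- so one parameter list serves every combination of filters.
EXEC sp_executesql
     @sql,
     N'@pLastName nvarchar(50), @pActive bit',
     @pLastName = @lastName,
     @pActive   = @activeOnly;   -- no rows: no LastName equals that literal string

DROP TABLE #Users;
```

Because the statement text in the second form does not change with the values supplied, SQL Server can reuse a cached plan for each filter combination.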


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314632