Yikes, I just dropped something on the send button prematurely. > I'm a programmer of 3 years now and only started coding in CF about a year > ago whilst my database > knowledge is not that great one marked difference (my very little experience > anyway) from speaking > to my CF colleagues is that most of them refuses to use stored procedure or > even views, their main > point of arguement is that cfqueryparam pre-compiles, does data type > validation and foils sql injection etc.. > > But coming from the other side (.NET C# realm), everything I did as far as > SQL was concerned was > done in the database, it was also very easy to port some of my C# code to CF > and now vice-versa > since my database logic was and is totally separate from the code base. > > Why not let database do what is was made for.....am I missing something here?
No, you're not really missing anything here. That said, your colleagues are also right, in a sense. Prepared statements do provide the same functionality with regard to data type validation, performance, and SQL injection prevention as functionally identical stored procedures. Beyond that, though, each provides specific advantages not found by the other. The advantages of stored procedures over prepared statements are the portability across applications you mention, the ability to further restrict permissions on the database, and the ability to perform procedural logic and more complex functionality within the database that you couldn't do with a passthrough query. The advantages of prepared statements over stored procedures are the ability to more easily generate data-driven SQL statements at the application layer, and portability across databases if written in ANSI-92 SQL (which may be more important than portability across applications, or less, depending on your specific needs). So, there really isn't a clear "right answer", which is why both options exist. I prefer to use stored procedures when I can, but I wouldn't generalize from that to calling it a best practice. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317082 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
