Matthew Allen wrote: > Why not let database do what is was made for.....am I missing something here?
I suspect you are missing just how stubborn people can be in their ways. There are trade offs with using stored procedures, just as with any choice. But *not* using <cfqueryparam...> is not really a good one. Yes you don't use <cfqueryparam...> and get a pre-compiled SQL statement, but you have a pre-compiled stored procedure so that is really a plus for the SP. But just because it is a stored procedure does not guarantee that the code is safe from SQL injection. It is just as possible to write stored procedures that blindly accept untrusted inputs and build SQL operations that can be coerced into doing more then the developer intended by hackers. One reason for the popularity of inline queries over stored procedures is the simplicity of having all the code in one place. Until my current position, I did not have access to databases where I could write my own stored procedures. So I had to either involve a DBA to do it for me, or I could just write the code myself in inline queries, 8 out of 10 times the latter was much simpler to do and get the job done. But even during those days, I saw the advantages of stored procedures, and would advocate for them every chance I got. Now I work for an organization where the DBA's are afraid of developers, developing all the code for an application. Thus I can now write and compile my own stored procedures in the database, so I am starting to make more use of them. I still often start with inline queries when I am proofing up a new concept, because it is still simpler when all the code is in one place. But once a project gets going, I look forward to putting all the pieces where they can be done by the best tool available, which as a rule of thumb is letting databases do the heavy data work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317083 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
