I've always had the impression that if you use stored procedure and so far it's not dynamically built string you're fine, so like my example in previous post, you put your query in MS SQL and use EXEC to call the query on your CF pages, I sometimes Declare the parameter but most times it's like the way I've described before. Should I stop everything I'm doing now and start editing my codes?!! Luckily I'm less than 2 years in CF, I only have about 6 applications to worry about..;
Stored Proc: @uid uniqueidentifier AS BEGIN SELECT ID,column1, column2..etc FROM tbltable WHERE UID = @uid END CF Page: <cfquery name="doStuff" datasource="#application.DSN#"> DECLARE @Param1 varchar; EXEC usp_getSomeData @param = '#url.uid#' </cfquery> >Matt, > >Why are you not using cfwqueryparam in the cf code below? Do you have a good >reason not to do so? > >-mark > > > >Mark A. Kruger, CFG, MCSE >(402) 408-3733 ext 105 >www.cfwebtools.com >www.coldfusionmuse.com >www.necfug.com > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321515 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4