Hi Bob,
Check here for a list of the available options and their corresponding data
types for some major SQL providers (for some reason MySQL isn't there):
http://www.cfquickdocs.com/cf8/#cfqueryparam.

As for your question, generally using cfqueryparam is recommended for any
value that could be provided by the user. The main purpose is to eliminate
SQL injection attacks by binding the parameters and preventing the use of
SQL commands within the values (see http://xkcd.com/327/ for a fun example).
It also provides some level of optimization.

Personally I've taken the habit of putting it pretty much for all my
dynamic values in my queries. It just helps me sleep better at night.

hth

Francois Levesque
http://blog.critical-web.com/


On Thu, Apr 16, 2009 at 10:49 AM, BobSharp <bobsh...@ntlworld.com> wrote:

>
> I have been searching for some explanation of
> the different Types used in CFQueryParam.
>
> Understand that SCALE= is used to validate the position of decimal,
> but still confused by ... FLOAT, DECIMAL, MONEY, MONEY4.
>
>
> I am using <CFquery> INSERT
> do I need to use <CFQueryParam> for all values?
> 
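
An added example (not part of the original thread) of the INSERT case asked about above: every user-supplied value is bound with cfqueryparam instead of being written into the SQL text. The datasource `shopDSN`, the `products` table, its columns and the form field names are assumptions made for illustration.

```cfml
<!--- Added example; datasource, table, columns and form fields are hypothetical. --->

<!---
  Unparameterized form, shown for contrast only. The form values become part
  of the SQL statement itself, so the database parses them as SQL:

  INSERT INTO products (name, price, weight_kg, added_on)
  VALUES ('#form.name#', #form.price#, #form.weight#, '#form.addedOn#')
--->

<cfparam name="form.notes" default="">

<cftry>
    <cfquery name="insertProduct" datasource="shopDSN">
        INSERT INTO products (name, price, weight_kg, added_on, notes)
        VALUES (
            <!--- maxlength is checked by ColdFusion before the query is sent --->
            <cfqueryparam value="#form.name#" cfsqltype="cf_sql_varchar" maxlength="100">,

            <!--- DECIMAL is exact; scale is the number of digits after the decimal point --->
            <cfqueryparam value="#form.price#" cfsqltype="cf_sql_decimal" scale="2">,

            <!--- FLOAT is approximate; use it for measurements, not currency --->
            <cfqueryparam value="#form.weight#" cfsqltype="cf_sql_float">,

            <cfqueryparam value="#form.addedOn#" cfsqltype="cf_sql_date">,

            <!--- null="yes" sends SQL NULL and ignores the value attribute --->
            <cfqueryparam value="#form.notes#" cfsqltype="cf_sql_varchar" maxlength="500"
                          null="#not len(trim(form.notes))#">
        )
    </cfquery>

    <cfcatch type="any">
        <!--- A value that fails cfqueryparam's type or length check, or a
              database error, ends up here; log it, do not echo it to the user --->
        <cflog file="productInsert" type="error" text="#cfcatch.message#">
        <cfoutput>The product could not be saved.</cfoutput>
    </cfcatch>
</cftry>

<!--- cf_sql_money and cf_sql_money4 correspond to SQL Server's money and
      smallmoney column types; for other databases use cf_sql_decimal with scale. --->
```

Because each value travels as a bound parameter, the database never parses it as SQL, and a value that does not match its declared `cfsqltype` is rejected by ColdFusion before the statement runs.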

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321646