A) Always use <cfqueryparam/>.  (Note the period.)
B) When in doubt, use <cfqueryparam/> anyways.  (Note the period.)
C) While preserveSingleQuotes() can be a useful tool at times, I would have
a very difficult time thinking of a time where I would use it.
D) Always use <cfqueryparam/>.  (Note again, the period.)
E) You cannot use <cfqueryparam/> in the midst of a <cfset />.
F) Always use <cfqueryparam/>.  (Once again, a period.)

<cfquery>
INSERT INTO personalevent (
        eventid,
        userid,
        username,
        eventdate
    )
VALUES (
    <cfqueryparam value="#FORM.eventidentity#" cfsqltype="CF_SQL_INTEGER">,
    <cfqueryparam value="#FORM.whois#" cfsqltype="CF_SQL_INTEGER">,
    <cfqueryparam value="#FORM.juser#" cfsqltype="CF_SQL_VARCHAR">,
    <cfqueryparam value="#FORM.eventdate#" cfsqltype="CF_SQL_DATE">
);
</cfquery>


G) In case you missed it, ****ALWAYS**** use <cfqueryparam/>.  PERIOD.

:-)

HTH
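
Added example, not part of the original post: one way to keep every value bound when the SQL is conditional, the case where people tend to build the statement in a <cfset> and fall back on preserveSingleQuotes() (points C and E). It reuses the personalevent columns from the post; the datasource name "myDSN", the fields FORM.userids, FORM.fromdate and FORM.sortby, and the maxlength of 50 are assumptions made for illustration.

```cfml
<!--- Assumed form fields, defaulted so the template runs when they are absent --->
<cfparam name="FORM.userids" default="">   <!--- constructed sample: "3,7,12" --->
<cfparam name="FORM.juser" default="">
<cfparam name="FORM.fromdate" default="">
<cfparam name="FORM.sortby" default="eventdate">

<!--- Column names cannot be bound with cfqueryparam, so the sort column
      is taken from a fixed allow-list and never from the request text. --->
<cfset allowedSort = "eventdate,username,eventid">
<cfset sortCol = "eventdate">
<cfset sortIdx = listFindNoCase(allowedSort, FORM.sortby)>
<cfif sortIdx>
    <cfset sortCol = listGetAt(allowedSort, sortIdx)>
</cfif>

<!--- "myDSN" is a placeholder datasource name --->
<cfquery name="qEvents" datasource="myDSN">
    SELECT eventid, userid, username, eventdate
    FROM personalevent
    WHERE 1 = 1
    <!--- Optional filters are added with cfif inside the cfquery body,
          so the SQL text varies but every value is still a bind parameter. --->
    <cfif len(trim(FORM.userids))>
        <!--- list="true" binds each list element separately for IN (...) --->
        AND userid IN (
            <cfqueryparam value="#FORM.userids#" cfsqltype="CF_SQL_INTEGER" list="true">
        )
    </cfif>
    <cfif len(trim(FORM.juser))>
        <!--- maxlength rejects oversized input before it reaches the database --->
        AND username = <cfqueryparam value="#FORM.juser#" cfsqltype="CF_SQL_VARCHAR" maxlength="50">
    </cfif>
    <cfif isDate(FORM.fromdate)>
        AND eventdate >= <cfqueryparam value="#FORM.fromdate#" cfsqltype="CF_SQL_DATE">
    </cfif>
    ORDER BY #sortCol#
</cfquery>
```

The only unbound interpolation left is #sortCol#, and it can only hold one of the three literal names in allowedSort.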

