SELECT stuff FROM somewhere <cfif listLen(form.listOfIDs)> WHERE id IN (<cfqueryparam list="true" value="#Form.ListOfIds#" cfsqltype="cf_sql_integer"/>) </cfif>
If I'm reading the above correctly, when the condition <cfif listLen(form.listOfIDs)> is not true, it will cause the SQL to process without the WHERE and thus, select all records in the table. You may want to change that more like: SELECT stuff FROM somewhere WHERE id<cfif listLen(form.listOfIDs)> IN (<cfqueryparam list="true" value="#Form.ListOfIds#" cfsqltype="cf_sql_integer"/>)<cfelse>=0</cfif>; Just a thought... Robert B. Harrison Director of Interactive Services Austin & Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.com Great advertising can't be either/or. It must be &. Plug in to our blog: A&W Unplugged http://www.austin-williams.com/unplugged __________ Information from ESET Smart Security, version of virus signature database 4655 (20091202) __________ The message was checked by ESET Smart Security. http://www.eset.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:328778 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
