On Thu, Sep 23, 2010 at 3:02 PM, Jacob Munson <yacoub...@gmail.com> wrote: > > > That said, this does not work if you don't use cfqueryparams for > everything. For example, this query would NOT be a prepared statement (from > what I understand): > > <cfquery name="bday" datasource="#myDSN#"> > select birthDate > from familyGroups > where child = <cfqueryparam value="#form.children#" > cfsqltype="cf_sql_varchar"> > and stillMinor = 1 > </cfquery>
Actually that is most definatley NOT true. If you run the same query again with a different value for #form.children#, it will use the prepared statement ... but if you were to run it with a different value for stillMinor, it would create a NEW prepared statement. So if you're always running the query with "stillMinor=1" then you don't need to put the "1" in a cfqueryparam, you still get all the benefits of the behind the scenes stuff that CF does. BTW if you ever really want to see what coldfusion is sending to the database, and you're using SQL Server, turn on SQL Profiler. It's some crazy shit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337439 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
