In case anyone is interested, this is the JS bookmark widget that parses
queryparam debugging info. Very handy.

http://www.bennadel.com/blog/459-Merging-ColdFusion-SQL-Debugging-And-Query-Params-With-Javascript.htm

HTH
G!

On Mon, May 2, 2011 at 9:14 AM, Gerald Guido <gerald.gu...@gmail.com> wrote:

> >>- CFQUERYPARAM makes all values look like "parameter 1"... in the error
> messages, instead of the real values, not really handy when debugging;
>
> There are parsers that will show the actual queries with values. My
> favorite is the one that Ben Nadel wrote. It is a little JS bookmark widget.
>
>
> >>- CFQUERYPARAM makes all queries more difficult to write AND to read for
> programmers;
>
> Opinion. Depends on the person. I have no problem with using them. Besides,
> the bulk of the SQL code for most of my CRUDs is machine generated.
>
> G!
>
> On Mon, May 2, 2011 at 8:49 AM, <> wrote:
>
>>
>> Right.
>> However about CFQUERYPARAM, keep in mind that:
>> - this will prevent SQL injection, not all form of attacks;
>> - CFQUERYPARAM makes all values look like "parameter 1"... in the error
>> messages, instead of the real values, not really handy when debugging;
>> - CFQUERYPARAM makes all queries more difficult to write AND to read for
>> programmers;
>> - disabling multiple statement execution in the database will prevent
>> SQL injection as well.
>> - ending a query on an error because of CFQUERYPARAM will prevent the
>> injection, but will not give you any hint that it was really an attack.
>>
>> Personally I prefer checking crucial form and URL parameters and
>> eventually ban the intruder before submitting the query.
>>

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344124