If you really can't build it using conditions/loops/etc within your query tag then build it like you are but eliminate the cfqueryparam tags, and HEAVILY validate the variables being put into those tags. Then you can concatenate a string together that will work. You'll just need to be super careful to ensure no invalid text is being put into the variables. Remove anything non-numeric from number fields with a regular expression, remove any html from text, eliminate any single quotes from text. That sort of thing.
That said I'm not sure quite why it's faster/easier/more manageable to build a dynamic string then it is to build a dynamic query? Perhaps you could look into building views within your database or even content that is aggregated into a single table on a periodic basis to make your situation more straightforward and manageable. Regards, Nick Voss ncv...@gmail.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354017 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
