And, in this case, having <cfqueryparam> helps you debug weird errors that you'd get when a field that is expected to be numeric is blank or not numeric.
I.e.,

    where myField=#someval#

will result in an unrecognizable syntax error if #someval# is an empty string, and the line number will be the end of the query, not necessarily the variable location.

    where myField=<cfqueryparam value="#someval#" cfsqltype="cf_sql_integer">

will give you an error on the exact line number and tell you that "" is not valid data for type cf_sql_integer. Then, you don't have to spend a lot of time trying to figure out what's wrong with the query.

Rick

On Wed, Mar 6, 2013 at 12:13 AM, Byron Mann <byronos...@gmail.com> wrote:
>
> I'd have to agree with Dave.
>
> The only time I've seen an issue (with cfqueryparam) was with something
> like a sql string generated based on say a search form and then that being
> passed to a stored procedure that executes the statement in the procedure.
>
> Not to say it's impossible, for there are those that have way more time on
> their hands than I.
>
> Byron Mann
> Lead Engineer & Architect
> HostMySite.com

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354858
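The contrast described in the message above, as an added example that is not part of the original post: the same constructed inputs are run through the interpolated form and the `<cfqueryparam>` form so the two failure points can be compared. The datasource `exampleDsn` and the table `widgets` with its `id` column are hypothetical names; `encodeForHTML()` assumes ColdFusion 10 or later.

```cfml
<!--- Added example, not from the thread. "exampleDsn", "widgets" and "id" are hypothetical. --->
<!--- Constructed sample inputs: one valid integer, one blank, two non-numeric strings. --->
<cfset samples = ["42", "", "abc", "7 and more"]>

<cfloop array="#samples#" index="someval">

  <!--- Interpolated form (the pattern to avoid): the value becomes part of the SQL text,
        so a bad value is only noticed when the database tries to parse the statement. --->
  <cftry>
    <cfquery name="qRaw" datasource="exampleDsn">
      SELECT id FROM widgets
      WHERE myField = #someval#
    </cfquery>
    <cfoutput>raw "#encodeForHTML(someval)#": #qRaw.recordCount# row(s)<br></cfoutput>
    <cfcatch type="any">
      <cfoutput>raw "#encodeForHTML(someval)#" failed: #encodeForHTML(cfcatch.message)#<br></cfoutput>
    </cfcatch>
  </cftry>

  <!--- Bound form: the value is checked against cf_sql_integer and sent as a parameter,
        so anything that is not an integer is rejected with an error naming the type. --->
  <cftry>
    <cfquery name="qBound" datasource="exampleDsn">
      SELECT id FROM widgets
      WHERE myField = <cfqueryparam value="#someval#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfoutput>bound "#encodeForHTML(someval)#": #qBound.recordCount# row(s)<br></cfoutput>
    <cfcatch type="any">
      <cfoutput>bound "#encodeForHTML(someval)#" rejected: #encodeForHTML(cfcatch.message)#<br></cfoutput>
    </cfcatch>
  </cftry>

</cfloop>
```

Only "42" should reach the database through the bound query; the exact wording of the rejection messages depends on the CFML engine and version.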