Posts Tagged ‘cfqueryparam’
Use cf_sql_timestamp for MS SQL and MySQL date types
Hopefully, if you’re using ColdFusion, you’re already using cfqueryparam in your queries for better performance and security against SQL Injection attacks. If you’re not, you should read this.
When using cfqueryparam you specify a value and an SQL type. Dates can be assigned two different types, cf_sql_date and cf_sql_timestamp. cf_sql_date is intended to be used [...]
CFQUERYPARAM with LIKE and IN Clauses
ColdFusion’s CFQUERYPARAM tag is important for several reasons, most notably data type validation, improved query performance, and foiling SQL injection attacks.
Basic usage is simple:
SELECT *
FROM tblCustomers
WHERE customer_id = <cfqueryparam value="#FORM.custID#" cfsqltype="cf_sql_integer">
The cfsqltype parameter validates the passed value before it is sent to the database server. Once validated, the query is sent to the database [...]


