ColdFusion’s CFQUERYPARAM tag is important for several reasons, most notably data type validation, improved query performance, and foiling SQL injection attacks.
Basic usage is simple:
SELECT *
FROM tblCustomers
WHERE customer_id = <cfqueryparam value="#FORM.custID#" cfsqltype="cf_sql_integer">
The cfsqltype parameter validates the passed value before it is sent to the database server. Once validated, the query is sent to the database [...]
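The same query with and without the tag, plus handling for a value that fails validation. This is an added example, not code from the original post; the datasource name customerDSN, the query names and the error handling are assumptions.

```cfml
<!--- Added example. "customerDSN", qUnsafe and qCustomer are assumed names. --->
<cfparam name="FORM.custID" default="">

<!--- Before (left commented out): the raw form value becomes part of the SQL
      text, so the database parses whatever the client submitted as SQL.
<cfquery name="qUnsafe" datasource="customerDSN">
    SELECT *
    FROM tblCustomers
    WHERE customer_id = #FORM.custID#
</cfquery>
--->

<!--- After: the value is validated as an integer and sent as a bound
      parameter, separate from the SQL text. --->
<cftry>
    <cfquery name="qCustomer" datasource="customerDSN">
        SELECT *
        FROM tblCustomers
        WHERE customer_id = <cfqueryparam value="#FORM.custID#" cfsqltype="cf_sql_integer">
    </cfquery>
    <cfoutput>#qCustomer.recordCount# row(s) returned</cfoutput>

    <cfcatch type="any">
        <!--- A non-integer custID fails cfsqltype validation and lands here
              before anything is sent to the database. type="any" also catches
              database errors, so log the message and return a generic response. --->
        <cflog file="application" type="warning"
               text="Customer lookup rejected: #cfcatch.message#">
        <cfheader statuscode="400">
        <cfoutput>Invalid customer id.</cfoutput>
    </cfcatch>
</cftry>
```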
July 23, 2008