I primarily use CFQUERYPARAM to prevent SQL injection. Since Query-of-Queries (QoQ) does not touch the database, is there any logical reason to use CFQUERYPARAM in them? I know that values that do ...

How can you do a select in on more than 2100 values? <cfquery name="result.qryData"> SELECT sub_acct_no, ... FROM dbo.Closed_ORDER WHERE ord_no IN <cfqueryparam cfsqltype="CF_SQL_varch...

I've just experienced a behaviour that defies any logic and could potentially lead to serious issues and was wondering if it was a bug or if the behaviour was itended and what are the best practice...

So if I have a cfqueryparam, and the datatype in SQL is TEXT, which of the CFSQLTypes do I use? Or do I follow the below link about uniqueidentifiers? Or is it just better to change the datatype to...

I have the following query that runs in 16ms - 30ms. <cfquery name="local.test1" datasource="imagecdn"> SELECT hash FROM jobs WHERE hash in( 'EBDA95630915EB80709C69089315399B', '3617B8E6C...

I am trying to improve my application's security. Whenever I receive data from the user (whether through POST or GET) that is supposed to be an integer, I validate that appropriately. But often the...

I'm curious how the maxlength attribute works in CFQUERYPARAM when you are passing a list. Does the maxlength apply to the length of the entire list (i.e. length of "1,2,3,4,5,6" = 11)? Or does the...

When connecting from Coldfusion 8 to a MS SQL 2008 datasource, what Coldfusion cfsqltype should I use for a SQL column set to 'uniqueidentifier'. <cfquery name="user" datasource="#ds#"> SEL...

I'm trying to be a good CF web developer and use <cfqueryparam> around all FORM or URL elements that make it to my SQL queries. In this case, I'm trying to allow a user to control the ORDER...