User Guide
282 Chapter 2: ColdFusion Tags
cfquery
Description
Passes queries or SQL statements to a data source.
Macromedia recommends that you use the
cfqueryparam tag within every cfquery tag, to help
secure your databases from unauthorized users. For more information, see:
• Security Bulletin ASB99-04, "Multiple SQL Statements in Dynamic Queries," in the
Macromedia Security Zone, http://www.macromedia.com/devnet/security/security_zone/
asb99-04.html.
• Chapter 20, “Accessing and Retrieving Data,” in Developing ColdFusion MX Applications
Category
Database manipulation tags
Syntax
<cfquery
name = "query_name"
dataSource = "ds_name"
dbtype = "query"
username = "username"
password = "password"
maxRows = "number"
blockFactor = "blocksize"
timeout = "seconds"
cachedAfter = "date"
cachedWithin = "timespan"
Either of the following:
debug = "Yes" or "No"
or:
debug
>
SQL statement(s)
</cfquery>
See also
cfinsert, cfprocparam, cfprocresult, cfqueryparam, cfstoredproc,
cftransaction, cfupdate,
chapters 19-22 of Developing ColdFusion MX Applications
History
ColdFusion MX:
• Changed Query of Queries behavior: it now supports a larger subset of standard SQL. For
more information, see Chapter 22, “Using Query of Queries,” in Developing ColdFusion MX
Applications.
• Changed dot notation support: ColdFusion now supports dot notation within a record set
name. ColdFusion interprets such a name as a structure. For more information, see Chapter
22, “Using Query of Queries,” in Developing ColdFusion MX Applications.
• Deprecated the connectString, dbName, dbServer, provider, providerDSN, and sql
attributes, and all values of the
dbtype attribute except query. They do not work, and might
cause an error, in releases later than ColdFusion 5.