User Guide
Chapter 2: ColdFusion Tags
cfqueryparam
Description
Verifies the data type of a query parameter and, for DBMSs that support bind variables, enables
ColdFusion to use bind variables in the SQL statement. Bind variable usage enhances
performance when executing a cfquery statement multiple times.
This tag is nested within a cfquery tag, embedded in a query SQL statement. If you specify
optional parameters, this tag performs data validation.
Macromedia recommends that you use the cfqueryparam tag within every cfquery tag, to help
secure your databases from unauthorized users. For more information, see:
• Security Bulletin ASB99-04, “Multiple SQL Statements in Dynamic Queries,” at
www.macromedia.com/devnet/security/security_zone/asb99-04.html.
• Chapter 20, “Accessing and Retrieving Data,” in Developing ColdFusion MX Applications
Category
Database manipulation tags
Syntax
<cfquery
    name = "query_name"
    dataSource = "ds_name"
    ...other attributes...>
    SQL STATEMENT column_name =
    <cfqueryparam value = "parameter value"
        CFSQLType = "parameter type"
        maxLength = "maximum parameter length"
        scale = "number of decimal places"
        null = "Yes" or "No"
        list = "Yes" or "No"
        separator = "separator character">
    AND/OR ...additional criteria of the WHERE clause...
</cfquery>
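The following is an added example, not taken from the original guide, that shows the same lookup written with an interpolated value and then with cfqueryparam, using the type, maxLength, list, and separator attributes from the syntax above. The datasource shopDSN, the orders table and its columns, and the URL parameters customerId, region, and statusList are assumptions made for illustration.

```cfml
<!--- Added example; datasource, table, column and URL parameter names are hypothetical. --->
<cfparam name="url.customerId" default="0">
<cfparam name="url.region" default="US">
<cfparam name="url.statusList" default="NEW,SHIPPED">

<!--- Weak form, kept inside this comment so it never runs: the URL value
      becomes part of the SQL text that the DBMS parses.
    <cfquery name="ordersWeak" dataSource="shopDSN">
        SELECT order_id, status, total FROM orders
        WHERE customer_id = #url.customerId#
    </cfquery>
--->

<cftry>
    <!--- Corrected form: each value is type-checked by ColdFusion and, where the
          DBMS supports it, passed as a bind variable instead of SQL text. --->
    <cfquery name="ordersChecked" dataSource="shopDSN">
        SELECT order_id, status, total
        FROM orders
        WHERE customer_id =
            <cfqueryparam value="#url.customerId#"
                CFSQLType="CF_SQL_INTEGER">
        AND region =
            <cfqueryparam value="#url.region#"
                CFSQLType="CF_SQL_VARCHAR"
                maxLength="2">
        AND status IN (
            <cfqueryparam value="#url.statusList#"
                CFSQLType="CF_SQL_VARCHAR"
                list="Yes"
                separator=",">
        )
    </cfquery>

    <cfoutput query="ordersChecked">
        #order_id# #HTMLEditFormat(status)# #total#<br>
    </cfoutput>

    <cfcatch type="any">
        <!--- A value that fails cfqueryparam validation (a non-integer id, a
              region longer than maxLength) raises an exception caught here. --->
        <cflog file="queryparam" type="warning"
            text="Rejected query parameter from #cgi.remote_addr#">
        <cfoutput>Invalid request.</cfoutput>
    </cfcatch>
</cftry>
```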
See also
cfinsert, cfprocparam, cfprocresult, cfquery, cfstoredproc, cftransaction, cfupdate