Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 701
  • Last Modified:

Best practice for CFQuery: using DBName as attribute or in SQL?

When using CFQuery, is it best to have the database name as an attribute (example code 1) or as part of the SQL (example code 2)?  

Does this make a difference for ColdFusion query caching (cachedWithin)?

(currently using ColdFusion 8)
example 1:
<cfquery name="qCountry" datasource="LOCALDSN" dbname="#curr_db_name#">
SELECT * FROM tblCountry WHERE country_id = #cid#
</cfquery
 
example 2
<cfquery name="qCountry" datasource="LOCALDSN">
SELECT * FROM #curr_db_name#.dbo.tblCountry WHERE country_id = #cid#
</cfquery

Open in new window

0
paid_tech
Asked:
paid_tech
  • 3
  • 3
3 Solutions
 
erikTsomikSystem Architect, CF programmer Commented:
it does not really matter the datasource get setup in CF administrator which will point to the DB file. So what you doing is absolutely identicall and has no effect on the perforance
0
 
SidFishesCommented:
actually dbname is deprecated and should not be used

"Deprecated the connectString, dbName, dbServer, provider, providerDSN, and sql attributes, and all values of the dbtype attribute except query. They do not work, and might cause an error, in releases later than ColdFusion 5. "

from livedocs
0
 
paid_techAuthor Commented:
thank you for pointing out the deprecation of dbname
(http://www.cfquickdocs.com/cf8/?getDoc=cfquery#cfquery)
just to clarify I have about 40 databases, one for each site, and they are all setup through the same ColdFusion Datasource/DSN.

1) if its possible to switch to a DSN for each database, should we change to that?
2) So should I use the format of example 2, with the dname in front of each table name in the SQL? (example below)

<cfquery name="qCountry" datasource="LOCALDSN">
SELECT * 
FROM #curr_db_name#.dbo.tblCountry  AS c
LEFT OUTER JOIN #curr_db_name#.dbo.tblCountryStatus AS cs ON c.country_id = cs.country_id
WHERE country_id = #cid#
</cfquery

Open in new window

0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
SidFishesCommented:
yes example 2 would be the best approach...i believe it's actually a bit better than multiple dsn's as it use the db's power rather than cf's and that's always a good thing

you could try putting the variable in application scope if each site has it's own codebase

FROM #application.curr_db_name#.dbo.tblCountry  AS c

0
 
paid_techAuthor Commented:
thank you SidFish

also does this approach (with dbname in SQL) affect the ColdFusion query caching?

would ex 3 & 4 be considered different queries by ColdFusion, and hence be cached as different queries?

ex 3:
<cfquery name="qCountry" datasource="LOCALDSN">
SELECT * 
FROM funSite.dbo.tblCountry  AS c
LEFT OUTER JOIN funSite.dbo.tblCountryStatus AS cs ON c.country_id = cs.country_id
WHERE country_id = 5
</cfquery>
 
ex 4:
<cfquery name="qCountry" datasource="LOCALDSN">
SELECT * 
FROM testSite.dbo.tblCountry  AS c
LEFT OUTER JOIN testSite.dbo.tblCountryStatus AS cs ON c.country_id = cs.country_id
WHERE country_id = 5
</cfquery>

Open in new window

0
 
SidFishesCommented:
"To pull from the cache, more than just the name of the query must match. Here's the list:

    * Same query "Name"
    * Exact same SQL statement - "where username='bubbaLouie'" and "where username = 'samIam'" are 2 different statements, ergo 2 different queries in the cache - even if they are both "named" NightOnTown.
    * Same Datasource - for those of you who fail to assume and stumbled onto that thought.
    * Same Username and password - This is interesting to note. If you have a site with a shared datasource but multiple db usernames you may not get the benefit from caching that you think you should.
    * Same DBTYPE"

http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=EAA0D1CA-01F6-F3EC-5520AAD6EEC68061


that being said, if you're not using (which your examples don't)

cachedwithin="#crateTimespan(0,010,0)#" in your cfquery tag you're not using caching anyways... (and caching has to be enabled in cfadmin)

for the benefit of future readers of this q, as noted in the article, versions prior to CF8 could not use cached queries -and- cfqueryparam. This is a major problem as imho, there is no circumstance where you should eliminate the use of cfqueryparam as protection agaisnt sql injection even if it means giving up server performance.




0
 
paid_techAuthor Commented:
Thank you very much, your answers were detailed and easy to understand
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now