Solved

CFQUERYPARAM or not

Posted on 2011-09-16
6
366 Views
Last Modified: 2013-12-24
for the query below should I be using CFQUERYPARAM?

The ClientStatusID will not be a variable. it will always be as shown.

SELECT     m.IMailID, m.ClientID, m.EnvelopeImagePath, m.EnvelopeImageStatus, m.EnvelopeImageName, u.UserID, u.FirstName, u.LastName, u.UserEmail,
                      m.EnvelopeAlertDate ,(select count(*) from imail.tblIMail where ClientID = u.ClientID) as documentCount, c.ClientStatusID
FROM         imail.tblIMail AS m INNER JOIN
                      imail.tblClients AS c ON m.ClientID = c.ClientID INNER JOIN
                      imail.tblUsers AS u ON c.ClientID = u.ClientID
WHERE  (c.ClientStatusID = 1 or c.ClientStatusID = 2)
AND NOT EXists (SELECT act.UserID
                   FROM imail.tbliMailActions act
                   where act.UserID  = u.UserID
                              and act.IMailID = m.IMailID)
0
Comment
Question by:Shawn
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:erikTsomik
ID: 36552103
well I would be using <cfqueryparam to prevent the sql injection and security purposes

0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 36552145
No.  

You only need to use cfqueryparam when the query uses variable or user supplied input. If neither of those are true, you don't need cfqueryparam.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36552167
>> WHERE  (c.ClientStatusID = 1 or c.ClientStatusID = 2)

Having absolutely nothing to do with your question ;-) you could increase readability by rewriting it as:

     WHERE  c.ClientStatusID IN (1,2)
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 1

Author Closing Comment

by:Shawn
ID: 36552231
thanks agx. that's what i thought but wasn't sure.

also thx for the query pointer. changed and is now easier to follow :-)
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36552270
The primary reasons for using it are
A) performance/caching
B) defense against sql injection
C) data type checking

I used to do it myself, but then discovered there's no benefit with constants.
A) If the values don't change the db will cache the query plan without cfqueryparam's help
B) Since they're not user supplied, there's nothing to defend against. Unless it's yourself. But then you've got bigger problems than cfqueryparam can fix.
C) Doesn't apply with constants
0
 
LVL 1

Author Comment

by:Shawn
ID: 36552311
good set of rules. I shouldn't have any more doubts. :)
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I spent nearly three days trying to figure out how incorporate OAuth in Coldfusion for the Eventful API. Hopefully, this article will allow Coldfusion Programmers to buzz through the API when they need to. Basically, what this script does is authori…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now