Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

34 lines (25 sloc) 0.919 kb

ColdFusion

In ColdFusion there is a tag called cfqueryparam that should be used whenever writing inline queries.

<cfquery name="queryTest">
SELECT FirstName, LastName, Phone
FROM   tblUser
WHERE  Status =
  <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.status#">
</cfquery>

Stored procedures can be invoked with the cfstoredproc and cfprocparam tags.

Recent versions of ColdFusion provide a set of functions to run queries that have a slightly different syntax, but still provide parameterized queries.

<cfscript>
  var myQuery = new Query(sql="
    SELECT FirstName, LastName, Phone
    FROM   tblUser
    WHERE  Status = :status
  ");
  myQuery.addParam(
    name      = "status",
    value     = form.status,
    cfsqltype = "cf_sql_varchar"
  );
  var rawQuery = myQuery.execute().getResult();
</cfscript>
Jump to Line
Something went wrong with that request. Please try again.