Questions tagged [cfqueryparam]

`<cfqueryparam>` is a ColdFusion tag that is used to parameterize values that are used in the `<cfquery>` tag. The value is sent to the database as a bind parameter instead of being spliced into the SQL text.

Some of the benefits to using the <cfqueryparam> tag include:

  • Special characters in the value (quotes, semicolons, comment markers) are passed as data and cannot change the structure of the statement, because the value is bound rather than escaped into the SQL string.
  • Protection against SQL injection for every value supplied through the tag. It binds values only: table and column names cannot be parameterized and must be validated against an allow-list before being placed in the SQL.
  • While ColdFusion is not strongly typed, SQL is. The `cfsqltype` attribute declares the SQL type, and ColdFusion validates and converts the variable before the query runs (a non-numeric value passed as `cf_sql_integer` is rejected); `maxlength` bounds the length of string values.
  • NULLs can be sent explicitly with `null="true"`, separately from blank strings.
  • ColdFusion lists can be expanded for SQL `IN (...)` clauses with `list="true"`; the `separator` attribute sets the delimiter when list items may themselves contain commas.
  • The database can cache and reuse the execution plan for the parameterized statement instead of compiling a new plan for every distinct literal.

For more details, see the Adobe reference:

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-p-q/cfqueryparam.html

For the cfscript equivalent, see `queryExecute()`:

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryexecute.html
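The following is an added example, not code from the Adobe documentation or from any of the questions on this page. It contrasts a query that interpolates a request value into the SQL text with the same query written with `<cfqueryparam>`, shows the `null` and `list` attributes, and ends with the `queryExecute()` equivalent. The datasource `appDsn`, the `users` table and the form fields are assumptions made for the example.

```cfml
<!--- VULNERABLE (for contrast): the request value becomes part of the SQL text.
      A username of   x' OR '1'='1   rewrites the WHERE clause itself. --->
<cfquery name="qVuln" datasource="appDsn">
    SELECT id, username FROM users WHERE username = '#form.username#'
</cfquery>

<!--- HARDENED: every value is a bind parameter, so the SQL text is fixed.
      cfsqltype declares the SQL type (a non-integer status is rejected before
      the query runs), maxlength bounds the string, and list="true" expands a
      ColdFusion list such as "1,3,5" into one bound value per IN (...) item. --->
<cfquery name="qUsers" datasource="appDsn">
    SELECT id, username, status_id
    FROM   users
    WHERE  username = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar" maxlength="64">
    AND    status_id IN (<cfqueryparam value="#form.statusList#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- NULL handling: store a real NULL, not '', when the optional field is blank.
      null="true" makes ColdFusion ignore the value attribute and bind NULL. --->
<cfquery datasource="appDsn">
    UPDATE users
    SET    nickname = <cfqueryparam value="#form.nickname#" cfsqltype="cf_sql_varchar"
                                    null="#NOT len(trim(form.nickname))#">
    WHERE  id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- cfscript equivalent (ColdFusion 11+): queryExecute() with named parameters.
      Each :name in the SQL is bound from the matching key of the params struct,
      which accepts the same attributes as the tag (cfsqltype, list, null, ...). --->
<cfscript>
qUsers = queryExecute(
    "SELECT id, username, status_id
     FROM   users
     WHERE  username = :username
     AND    status_id IN (:statuses)",
    {
        username = { value = form.username,   cfsqltype = "cf_sql_varchar", maxlength = 64 },
        statuses = { value = form.statusList, cfsqltype = "cf_sql_integer", list = true }
    },
    { datasource = "appDsn" }
);
</cfscript>
```

A quick check that the binding is doing its job: dump `qUsers` (or the result of `queryExecute`) and look at the `SQL` and `SQLPARAMETERS` keys; the SQL text should contain only `?` placeholders, never the submitted value.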


65 questions
3 votes, 1 answer

Which cfsqltype to use for Oracle's Number(*,0) datatype in cfqueryparam?

I am a little bit confused with which datatype I should use for Oracle's Number(*,0) with zero scale and any precision. Which one should I use, CF_SQL_INTEGER or CF_SQL_FLOAT, and why?
Tushar Bhaware
3 votes, 1 answer

cfquery not returning results when multiple cfqueryparam are used

The following cfquery is failing in ColdFusion when the multiple cfqueryparams are used; however, when they are not used or only limited to one or the other the query returns the expected results:
rjzii
3 votes, 1 answer

What is the most appropriate Coldfusion cfsqltype to use for MS SQL's uniqueidentifier field type?

When connecting from Coldfusion 8 to a MS SQL 2008 datasource, what Coldfusion cfsqltype should I use for a SQL column set to 'uniqueidentifier'. SELECT id, username FROM users WHERE id =…
Dan Sorensen
3 votes, 2 answers

How can I escape commas inside cfparam VARCHAR lists generated with ValueList?

Let's say there is a SQL table Fruit id | name --- ------ 1 | 'apples' 2 | 'pears' 3 | 'kiwi' 4 | 'bananas, peaches and plumbs' Given the following queries SELECT name FROM…
Daniel Mendel
2 votes, 1 answer

how to print/display cfquery with cfqueryparam values replaced?

As you may be aware, when we dump cfquery, it dumps the cfqueryparam values into SQLPARAMETERS of the dump. It's been alright to replace a couple of parameters manually. However, lately I've started working on a project where there are tens(or…
akashb
2 votes, 2 answers

Use of CFQUERYPARAM to specify table/column names in SQL

I need to dynamically construct a set of JOIN statements where the table and column names are passed in from another ColdFusion query. When passing the string values into the statement, CFQUERYPARAM adds single quotes around it - that's part of…
Alistair Knock
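`<cfqueryparam>` binds values only: a bound string reaches the database as quoted data, so it can never act as a table or column name. The added example below (not from the question or its answers) shows the usual alternative: take the requested identifier, look it up in an allow-list of known join targets, and interpolate only the spelling stored in that allow-list. The table and column names, the `appDsn` datasource and the `form.region` field are assumptions for the example.

```cfml
<cfscript>
// Allow-list of join targets, keyed by the name a caller may send.
// Only the table/column spellings stored here ever reach the SQL text (assumed schema).
joinTargets = {
    "orders"    = { table = "orders",    column = "customer_id" },
    "addresses" = { table = "addresses", column = "customer_id" }
};

// Assumed input: a ColdFusion list produced by another query, e.g. valueList(qConfig.join_name).
// An item such as "users; DROP TABLE customers" matches no key and is rejected below.
requestedJoins = "orders,addresses";

joinSql = "";
for (name in listToArray(requestedJoins)) {
    if (!structKeyExists(joinTargets, name)) {
        throw(type = "Application", message = "Unknown join target: " & name);
    }
    t = joinTargets[name];
    // Built exclusively from allow-listed fragments, never from the caller's string.
    joinSql &= " JOIN " & t.table & " ON " & t.table & "." & t.column & " = customers.id";
}
</cfscript>

<!--- #joinSql# is interpolated, which is acceptable only because every character in it
      came from joinTargets. Values from the request are still bound with cfqueryparam. --->
<cfquery name="qCustomers" datasource="appDsn">
    SELECT customers.id, customers.email
    FROM   customers
    #joinSql#
    WHERE  customers.region = <cfqueryparam value="#form.region#" cfsqltype="cf_sql_varchar" maxlength="16">
</cfquery>
```

Struct key lookup in ColdFusion is case-insensitive, so `Orders` still resolves; the SQL nevertheless always receives the canonical spelling from the allow-list, which is the property that makes the interpolation safe.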
2 votes, 1 answer

CFQUERYPARAM throws 'incompatible type' error with HQL

My simple query: FROM recipeItems r WHERE r.recipe = AND r.otherRecipe_id <> My object recipeItems has a…
2 votes, 1 answer

ColdFusion queryExecute parameters object?

I started using cfscript in my projects recently. While working with cfscript I used queryExecute() function to run queries. In a few situations there was more than one query in the same function. These queries shared some of the same parameters. I…
espresso_coffee
2 votes, 1 answer

cfqueryparam questions/help

Via this question I've been told to start using cfqueryparam for my data, to prevent SQL injection attacks. How do I use it for my forms? Right now I've been going over Ben Forta's book, Vol 1 and been passing data to my form, then to a form…
Snow_Mac
2 votes, 1 answer

ColdFusion 9 set decimal type for cfqueryparam?

I have a few form fields where user can enter whole numbers, decimal numbers and both types can be positive or negative. In other words they can enter something like this: 1 or 0.9 or 5.6745 or -10 or -0.9 or -10.5435 I'm wondering what I should use…
espresso_coffee
2 votes, 1 answer

cf_sql_longvarchar cut off saving a variable from coldfusion to sql 2008

Is there a character limit on cf_sql_longvarchar that I can increase, or perhaps an alternative? It seems to be cut off at 43,679 characters or somewhere around 40-45 kb.
Patrick Schomburg
2 votes, 1 answer

Does cfldap allow cfqueryparam?

I want to prevent SQL injection attacks. We have a form that asks for the user's AD username and password. Then our processing code looks something like this:
Nick Petrie
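`<cfqueryparam>` only works inside `<cfquery>` (and `queryExecute()`); `<cfldap>` has no parameter binding, so a request value placed in the `filter` attribute must be escaped according to RFC 4515 before it is interpolated. The added example below (not from the question or its answers) escapes the five filter metacharacters and then runs a directory lookup. The LDAP server, base DN and service account are assumptions; the lookup runs under that service account and is separate from any bind performed with the user's own credentials.

```cfml
<cfscript>
// Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
// Backslash is handled first so the escapes it introduces are not escaped again.
function escapeLdapFilterValue(required string value) {
    var out = replace(arguments.value, "\",    "\5c", "all");
    out     = replace(out,             "*",    "\2a", "all");
    out     = replace(out,             "(",    "\28", "all");
    out     = replace(out,             ")",    "\29", "all");
    out     = replace(out,             chr(0), "\00", "all");
    return out;
}
// A username of  *)(objectClass=*  becomes  \2a\29\28objectClass=\2a
// and can no longer close the sAMAccountName clause or add its own.
</cfscript>

<!--- Assumed: directory host, base DN and a read-only service account
      whose password is held in the application scope. --->
<cfldap action="query"
        server="ldap.example.internal"
        port="389"
        username="CN=svc-lookup,OU=Service,DC=example,DC=internal"
        password="#application.ldapServicePassword#"
        start="OU=People,DC=example,DC=internal"
        scope="subtree"
        filter="(&(objectClass=user)(sAMAccountName=#escapeLdapFilterValue(form.username)#))"
        attributes="sAMAccountName,displayName,mail"
        name="qUser">
```

The same escaping applies to every other value that ends up in a filter (group names, e-mail addresses); values that become part of a distinguished name need the different DN escaping rules of RFC 4514 instead.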
2 votes, 3 answers

Using cfqueryparam with custom tag? Nesting native tags with custom tags

I basically want to allow something like: SELECT `someColumn1`, `someColumn2` FROM `#someDB#`.`#someT#` WHERE …
Alex
2 votes, 1 answer

ColdFusion: cfqueryparam for binary values

I wrote the below query based on the help provided in this link, querying binary column using like in sql server SELECT * FROM myTable WHERE TestData >= 0x00010000 AND TestData < 0x00020000; It returned the expected results. I used cfqueryparam…
RajVish
2 votes, 1 answer

cfqueryparam with uniqueidentifier type in table

I have a query where I am attempting to insert values into a table and one of these values (ImportID) is of type uniqueidentifier in the database. I have looked in the adobe CF documentation and saw that both cf_sql_char and cf_sql_idstamp should…