Before we finish this chapter, there is something you should be aware of. Look at the following code:
    <!--- Get a movie from database --->
    <cfquery name="movie" datasource="ows">
    SELECT FilmID, MovieTitle, PitchText, Summary,
           DateInTheaters, AmountBudgeted
    FROM Films
    WHERE FilmID=#URL.FilmID#
    </cfquery>
As you now know, this code builds a dynamic SQL statement—the expression #URL.FilmID# is replaced by the contents of that variable to construct a complete SQL SELECT statement at runtime.
This particular example is a simple one; a single expression is used in a simple WHERE clause. But as the complexity of the expressions (or the number of them) increases, so does the chance that you’ll introduce problems in ...
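Because `URL.FilmID` comes straight from the request, whatever the client sends becomes part of the SQL text in the query above. The following added example (not code from the original page) shows the same lookup with the value type-checked and bound as a parameter instead; it assumes `FilmID` is an integer column, and the error responses are illustrative choices.

```cfml
<!--- Added example: same lookup, with URL.FilmID validated and bound --->

<!--- cfparam with no default throws if the variable is missing
      or is not of the requested type, so bad input stops here --->
<cftry>
  <cfparam name="URL.FilmID" type="integer">
  <cfcatch type="any">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid or missing FilmID.</cfoutput>
    <cfabort>
  </cfcatch>
</cftry>

<!--- Get a movie from database.
      cfqueryparam sends the value to the driver as a bound parameter,
      so it is never parsed as part of the SQL statement.
      Assumption: FilmID is an integer column. --->
<cfquery name="movie" datasource="ows">
  SELECT FilmID, MovieTitle, PitchText, Summary,
         DateInTheaters, AmountBudgeted
  FROM Films
  WHERE FilmID = <cfqueryparam value="#URL.FilmID#"
                               cfsqltype="cf_sql_integer">
</cfquery>

<!--- A well-formed integer can still match no row; handle it explicitly --->
<cfif movie.RecordCount EQ 0>
  <cfheader statuscode="404" statustext="Not Found">
  <cfoutput>No such film.</cfoutput>
  <cfabort>
</cfif>
```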