Name

cfqueryparam

Synopsis

<cfquery>
SQL statements
  [<cfqueryparam>]
</cfquery>

Checks the datatype and optionally validates a query parameter within the SQL statement of a cfquery tag. Multiple cfqueryparam tags may be used with a single cfquery tag.

The SQL that is generated by the cfqueryparam tag is dependent on the database used. If the database being used doesn’t support bind parameters, validation is still performed with the validated parameter being written back to the string. If for any reason validation fails, ColdFusion throws an exception. The following rules determine the validation performed:

  • cf_sql_smallint, cf_sql_integer, cf_sql_real, cf_sql_float, cf_sql_double, cf_sql_tinyint, cf_sql_money, cf_sql_money4, cf_sql_decimal, cf_sql_numeric, and cf_sql_bigint can be converted to numbers.

  • cf_sql_date, cf_sql_time and cf_sql_timestamp can be converted to a valid date format.

In versions of ColdFusion prior to MX, Sybase 11 native drivers don’t support the binding of SQL parameters. This is not an issue in MX as native drivers are no longer supported.

If the maxlength attribute is used, the length of the value for the specified parameter can’t exceed the specified length; otherwise an error is thrown.

Attributes

value=" parameter_value "

The value that ColdFusion should pass to the right of the comparison operator in the WHERE clause. Required.

cfsqltype=" parameter_data_type "

The SQL type that the parameter is bound to. Required. The default is cf_sql_char. Possible ...

Get Programming ColdFusion MX, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial