Most enterprise-level databases (MS SQL Server, DB2, Oracle, Informix, Sybase) support creating special programs within the database called stored procedures. Stored procedures allow you to encapsulate SQL and other database-specific functions in a wrapper that can be called from external applications. There are several reasons to use stored procedures whenever possible in your applications:
Stored procedures execute faster than identical code passed using the
CFQUERY tag because they are precompiled on the
Stored procedures support code reuse. A single procedure needs to be created only once and can be accessed by any number of templates, even different applications and those written in other languages.
Stored procedures allow you to encapsulate complex database manipulation routines, often utilizing database-specific functions.
Security is enhanced by keeping all database operations encapsulated within the stored procedure. Because ColdFusion passes parameters only to the stored procedure, there is no way to execute arbitrary SQL commands.
There are two ways to call stored procedures in ColdFusion. You can
CFQUERY tag (which is now outdated) or the
CFSTOREDPROC tag (which is new as of ColdFusion
Version 4.0). Unfortunately, material on writing stored procedures is
beyond the scope of this book. For more information on creating
stored procedures, consult the documentation for your specific
The preferred ...