Calling Stored Procedures
Most enterprise-level databases (MS SQL Server, DB2, Oracle, Informix, Sybase) support creating special programs within the database called stored procedures. Stored procedures allow you to encapsulate SQL and other database-specific functions in a wrapper that can be called from external applications. There are several reasons to use stored procedures whenever possible in your applications:
Stored procedures execute faster than identical code passed using the
CFQUERY
tag because they are precompiled on the database server.Stored procedures support code reuse. A single procedure needs to be created only once and can be accessed by any number of templates, even different applications and those written in other languages.
Stored procedures allow you to encapsulate complex database manipulation routines, often utilizing database-specific functions.
Security is enhanced by keeping all database operations encapsulated within the stored procedure. Because ColdFusion passes parameters only to the stored procedure, there is no way to execute arbitrary SQL commands.
There are two ways to call stored procedures in ColdFusion. You can
use the CFQUERY
tag (which is now outdated) or the
CFSTOREDPROC
tag (which is new as of ColdFusion
Version 4.0). Unfortunately, material on writing stored procedures is
beyond the scope of this book. For more information on creating
stored procedures, consult the documentation for your specific
database.
Using CFSTOREDPROC
The preferred ...
Get Programming ColdFusion now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.