Multiple Statements with MySQL and JDBC
Cameron Childress pointed out the allowMultiQueries setting in the MySQL JDBC driver on the CFGURU list. It is set to false by default to protect you from SQL injection attacks. When set to true, MySQL will allow multiple SQL statements (separated by a semicolon) to be executed in a single CFQUERY tag. If you need to run multiple statements in a single CFQUERY, Dave Watts suggested creating another datasource with this setting turned on, to be used only when you're running multiple statements.
But don't let this stop you from using prepared statements with CFQUERYPARAM just because MySQL is safe by default. It is still a best practice, and it adds performance and type safety.
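The two-datasource arrangement described above, as an added example that is not code from the original post. The datasource names (app, app_multi), the tables, the form fields and the host in the connection string are all hypothetical.

```cfml
<!--- Added example; every name below is an assumption, not from the post.

      Datasource "app":       driver defaults, so allowMultiQueries=false.
                              Used by every ordinary query in the application.
      Datasource "app_multi": same database, but its JDBC URL / connection
                              string carries the extra setting, for example
        jdbc:mysql://db.example.internal:3306/appdb?allowMultiQueries=true
                              Used only by the few templates that really
                              need several statements in one CFQUERY. --->

<!--- Reject non-numeric input before it gets anywhere near SQL --->
<cfparam name="form.userId" type="integer">
<cfparam name="form.email"  type="string">

<!--- Ordinary path: single statement, default datasource, bound parameter --->
<cfquery name="getUser" datasource="app">
    SELECT id, email
    FROM   users
    WHERE  id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Multi-statement path: dedicated datasource. Every value is still
      bound with CFQUERYPARAM, because on this datasource the driver no
      longer rejects a second statement; the bound parameters are what
      keep user input from being parsed as SQL. --->
<cfquery datasource="app_multi">
    UPDATE users
    SET    email = <cfqueryparam value="#form.email#"
                                 cfsqltype="cf_sql_varchar" maxlength="255">
    WHERE  id = <cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">;

    INSERT INTO audit_log (user_id, action)
    VALUES (<cfqueryparam value="#form.userId#" cfsqltype="cf_sql_integer">,
            'email_changed');
</cfquery>
```

Keeping the multi-statement datasource out of general use means a template that does concatenate input into SQL by mistake is still limited to one statement by the driver default.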