The cf_sql_ is optional in cfqueryparam

by Pete Freitag

This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:

WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">

You can just do this:

WHERE id = <cfqueryparam value="#url.id#" cfsqltype="integer">

This works on ColdFusion 11+ or Lucee 4.5+.
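The short type names work the same way for other parameter types and together with attributes such as maxlength and list. The query below is an added example, not code from the original post; the orders table, its columns, the url parameters and a default datasource configured in Application.cfc are all assumptions.

```cfml
<!--- Added example: table, column and url variable names are hypothetical --->
<cfparam name="url.id" default="0">
<cfparam name="url.status" default="active">
<cfparam name="url.tags" default="1,2,3">

<!--- Assumes this.datasource is set in Application.cfc --->
<cfquery name="orders">
    SELECT id, customer_name, created_at
    FROM orders
    <!--- numeric value: bound as an integer, non-numeric input raises an error --->
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="integer">
    <!--- string value: maxlength rejects input longer than the column allows --->
      AND status = <cfqueryparam value="#url.status#" cfsqltype="varchar" maxlength="20">
    <!--- comma-separated list: each element is bound as its own integer parameter --->
      AND tag_id IN (<cfqueryparam value="#url.tags#" cfsqltype="integer" list="true">)
    <!--- date/time value --->
      AND created_at >= <cfqueryparam value="#dateAdd('d', -30, now())#" cfsqltype="timestamp">
</cfquery>
```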
