Pete Freitag Pete Freitag

Multiple Statements with MySQL and JDBC

Published on May 16, 2005
By Pete Freitag

Cameron Childress pointed out the allowMultiQueries setting in the MySQL JDBC driver on the CFGURU list. It is set to false by default to protect you from SQL Injection attacks. When set to true MySQL will allow multiple SQL statements (separated by a semi-colon) to be executed in a single CFQUERY tag. If you need to run multiple statements in a single CFQUERY, Dave Watts suggested creating another datasource with this setting turned on, which is only to be used when your running multiple statements.

But don't let this stop you from using prepared statements with CFQUERYPARAM, just because MySQL is safe by default - it is still a best practice, adds performance and type safety. Using allowMultiQueries=false will only prevent a very small subset of SQL Injection attacks.

mysql jdbc cfguru cfqueryparam prepared statements cfquery

Multiple Statements with MySQL and JDBC was first published on May 16, 2005.

If you like reading about mysql, jdbc, cfguru, cfqueryparam, prepared statements, or cfquery then you might also like:

Discuss / Follow me on Twitter ↯