The cf_sql_ is optional in cfqueryparam
This is not exactly a new trick, but it is quite useful and I find not many people know that the
cf_sql_ prefix is optional in the
cfsqltype attribute of
cfqueryparam. So instead of doing this:
WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
You can just do this:
WHERE id = <cfqueryparam value="#url.id#" cfsqltype="integer">
This works on ColdFusion 11+ or Lucee 4.5+
Like this? Follow me ↯Tweet Follow @pfreitag
The cf_sql_ is optional in cfqueryparam was first published on February 01, 2019.
The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.