Do I have to use cfqueryparam for static values?

Question

Say I have this as my where clause:

WHERE status = 1

Is there any benefit when doing it like:

WHERE id = <cfqueryparam value="1" maxlength="32" cfsqltype="cf_sql_integer">

I use that 1 value repeatedly throughout my queries.

possible duplicate of [Using cfqueryparam with constants](http://stackoverflow.com/questions/26141672/using-cfqueryparam-with-constants) — Dan Bracuk, Apr 28 '15 at 01:35

Regular Jo · Answer 1 · 2015-04-28T01:32:31.850

3

You do not need to. There is no security gain from param'ing static text.

However there is a performance gain in query optimization so it is still a gain to do so but this only applies when a new query must be run, so its not a gain beyond the first run of a static query.

Always param variables though.

edited Apr 28 '15 at 01:32

answered Apr 28 '15 at 01:26

Regular Jo

5,190
3
25
47

There is not always a performance gain - only if your DBMS can use bind variables. – David Faber Apr 28 '15 at 01:30
I am using PostgreSQL 8.4 – Kevin Apr 28 '15 at 01:36

Do I have to use cfqueryparam for static values?

1 Answers1