The cf_sql_ is optional in cfqueryparam

Published on February 01, 2019
By Pete Freitag

This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:

WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">

You can just do this:

WHERE id = <cfqueryparam value="#url.id#" cfsqltype="integer">

This works on ColdFusion 11+ or Lucee 4.5+

cfqueryparam tips

The cf_sql_ is optional in cfqueryparam was first published on February 01, 2019.

The Fixinator Code Security Scanner for ColdFusion & CFML is an easy to use security tool that every CF developer can use. It can also easily integrate into CI for automatic scanning on every commit.

Try Fixinator

The cf_sql_ is optional in cfqueryparam

CFBreak The weekly newsletter for the CFML Community

CFBreak
The weekly newsletter for the CFML Community