Skip to main content
A
Anonymous
August 2, 2011
Question

3 cfqueryparam questions

  • August 2, 2011
  • 2 replies
  • 1030 views

In a cfqueryparam tag for a SQL server text type       , is cfsqltype="CF_SQL_CHAR"          with maxlength="256" ok ?

In a cfqueryparam tag for a SQL server datetime type,is cfsqltype="CF_SQL_TIMESTAMP" with a maxlength="23" ok ?

Is maxlength needed in either of these situations ?

    This topic has been closed for replies.

    2 replies

    D
    Dan_Bracuk
    Inspiring
    August 3, 2011

    Max length is not needed for timestamps.

    For the character field, it will probably prevent your app from crashing if you try to pass a 10 character string to a char (9) field.  However, it will probably just truncate your value which might not be what you want to happen.

    Owainnorth
    Owainnorth
    Inspiring
    August 3, 2011

    it will probably prevent your app from crashing if you try to pass a 10 character string to a char (9) field.

    I have a feeling it won't, it'll just throw a CF exception rather than a Database exception, it just means the database connection is never attempted.

    To be honest, I haven't used maxlength in years, it seems an odd (and largely pointless) way of enforcing security. As mentioned it's nonsensical on timestamps, don't bother with that.

    If your site is sensibly protected against SQL injection attacks, maxlength really won't do a lot.

    A
    Adam Cameron.
    Inspiring
    August 3, 2011

    it will probably prevent your app from crashing if you try to pass a 10 character string to a char (9) field.

    I have a feeling it won't, it'll just throw a CF exception rather than a Database exception, it just means the database connection is never attempted.

    Correct.

    To be honest, I haven't used maxlength in years, it seems an odd (and largely pointless) way of enforcing security. As mentioned it's nonsensical on timestamps, don't bother with that.

    If your site is sensibly protected against SQL injection attacks, maxlength really won't do a lot.

    I guess the only benefit is that the code won't bother the DB if the data won't fit in the DB column.  However that's probably the job of the database to manage, not the job of the application code, so I'd not bother using it.

    --

    Adam

    -
    -__cfSearching__-
    Inspiring
    August 2, 2011

    What do you mean by "ok"?

    I suspect the code would execute, if that is what you are asking.  But specifying the length of a date/time value seems a little unusual.  What is the context of your question?

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices