Skip to main content
A
Anonymous
February 17, 2012
Question

Removing <cfqueryparam improves perfromance

  • February 17, 2012
  • 2 replies
  • 2244 views

Oracle 10g

Field type varchar2( 1 byte) 'Y' or 'N'

I have a slow performing query that runs up to 20 times faster when I remove <cfqueryparam> from the field

there are 6 filters in the where clause all have <cfqueryparam>

if I remove <cfqueryparam value = #selog#> and replace with

fp.org = '#selog#'  2011 ms

vs

fp.org = <cfqueryparam value = #selog#> 45028 ms

I have tried setting the cfsqltype thru various settings and quoting the value "#selog#".  I also have this same filtered applied in othere queries without issue.  My question is there cases cfqueryparam can negatively impact performance.

This topic has been closed for replies.

2 replies

D
Dan_Bracuk
Inspiring
February 17, 2012

Just out of curiousity, are those results consitent?  I often see the same sort of difference simply by running the same query twice.

Regarding Dave's comment about using queryparam for security, anyone who does that is probably not validating user inputs.  They might also not realize that using queryparam allows javascript to be stored in your db, which then, might execute.

A
Anonymous
February 17, 2012

Yes very consistent and very odd. This is a series of 3 different queries that are selected by the user. They are all similar and all use cfqueryparam. This is the only one that is consistently slow, unless I remove the cfqueryparam from the one filter.

D
Community Expert
Dave WattsCommunity Expert
Community Expert
February 17, 2012

My question is there cases cfqueryparam can negatively impact performance.

Yes, absolutely. Overall, using CFQUERYPARAM usually improves performance, but there are plenty of cases where using a prepared statement (which is what CFQUERYPARAM does) is slower than using ad-hoc SQL and letting the query analyzer build a new execution plan.

Of course, we don't just use CFQUERYPARAM for performance, but also for security, so you might want to use it even in those cases where queries are slower. If there is any chance that a value used in a query can be unsafe, it makes sense to use CFQUERYPARAM. In the case you mention above, though, you might not need it - if, for example, there are two possible values (Y, N) you could easily handle those values safely other ways, by using literal values.

Dave Watts, CTO, Fig Leaf Software

Dave Watts, Eidolon LLC
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices