<cfqueryparam>
Checks the data type of a query parameter.
The cfqueryparam tag is nested within a <cfquery> tag.
It is embedded within the query SQL statement.
If you specify its optional parameters, cfqueryparam also performs data validation.
Its use is essential for performance and security.
This tag cannot have a body.
This tag is also supported within <cfscript>.
<cfqueryparam
value=any
sqltype=string
cfsqltype=string
maxlength=number
charset=string
scale=number
null=boolean
list=boolean
separator=string
>
Attribute | Description |
---|---|
value (any, optional) | Specifies the value that Lucee passes to the right of the comparison operator in a where clause. You can also pass in an Array as the value, which is automatically handled like list="true". |
sqltype (string, optional) | The SQL type that the parameter (any type) will be bound to. A list of SQL types can be found on the SQL Type page. All can be used with or without the |
maxlength (number, optional) | Maximum length of the parameter. The default value is the length of the string specified in the value attribute. |
charset (string, optional) | This attribute is used for 2 things: (1) it checks if the given value is compatible with that charset; (2) to check the binary length of the value (see attribute maxlength). Introduced: 5.3.8.25 |
scale (number, optional) | Number of decimal places of the parameter. The default value is zero. |
null (boolean, optional) | Yes or No. Indicates whether the parameter is passed as a null. If Yes, the tag ignores the value attribute. The default is No. |
list (boolean, optional) | True or False; the default is False. Indicates whether to process the value attribute as a comma delimited list of values, separated by a separator character. You can also pass an array as a value, which automatically achieves the same result and doesn't require list="true", unless list is explicitly set to "false". |
separator (string, optional) | Specifies the character that separates values in the list of parameter values in the value attribute. The default is a comma. If you specify a list of values for the value attribute, you must also specify the list attribute. |
Unimplemented Attribute(s)
Attribute | Description |
---|---|
cfsqltype (string, optional) | This attribute has been deprecated, instead, use the attribute "sqltype" that has the same functionality. * deprecated * |
Usage Notes
Prior to Lucee 6, empty values would be auto cast to nulls. Since Lucee 6, only strings behave this way (LDEV-4410).
Examples
<cfscript>
_test = queryNew("_id,_need,_forWorld","integer,varchar,varchar", [[01,'plant', 'agri'],[02, 'save','water']]);
</cfscript>
<cfquery name="qTest" dbtype="query">
select * from _test
where _id = <cfqueryparam sqltype="integer" value="2" />
</cfquery>
<cfdump var="#qtest#" />
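The following is an added example, not part of the Lucee documentation. It builds on the query-of-queries sample above to show the validation the attributes perform: binding a list with list="true", and rejecting a value that fails the sqltype or maxlength check before it can become part of the SQL text. The variables idList, badId, longVal and result are hypothetical stand-ins for request input and output.

```cfml
<cfscript>
// Constructed sample data, same shape as the page's own example.
_test = queryNew("_id,_need,_forWorld", "integer,varchar,varchar",
    [[1,'plant','agri'], [2,'save','water'], [3,'reduce','waste']]);

// Hypothetical request values standing in for url/form input.
idList  = "1,3";                 // well-formed list of ids
badId   = "2 or 1=1";            // not an integer: must never become SQL text
longVal = repeatString("x", 50); // longer than the column is expected to hold
</cfscript>

<!--- list="true": each list element is bound as its own integer parameter --->
<cfquery name="qList" dbtype="query">
    select * from _test
    where _id in ( <cfqueryparam sqltype="integer" value="#idList#" list="true" /> )
</cfquery>

<!--- Type check: a value that cannot be cast to integer is rejected with an
      exception rather than being placed into the statement. --->
<cftry>
    <cfquery name="qBad" dbtype="query">
        select * from _test
        where _id = <cfqueryparam sqltype="integer" value="#badId#" />
    </cfquery>
    <cfset typeCheck = "accepted" />
    <cfcatch type="any"><cfset typeCheck = "rejected: #cfcatch.message#" /></cfcatch>
</cftry>

<!--- Length check: maxlength caps the size of a string parameter. --->
<cftry>
    <cfquery name="qLong" dbtype="query">
        select * from _test
        where _need = <cfqueryparam sqltype="varchar" value="#longVal#" maxlength="10" />
    </cfquery>
    <cfset lengthCheck = "accepted" />
    <cfcatch type="any"><cfset lengthCheck = "rejected: #cfcatch.message#" /></cfcatch>
</cftry>

<!--- Collect the outcome of each check for inspection. --->
<cfset result = { matchedRows: qList.recordCount, typeCheck: typeCheck, lengthCheck: lengthCheck } />
<cfdump var="#result#" />
```

In application code, log the caught exception and return a generic error to the client rather than echoing cfcatch.message.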
See also
- Compatibility / Migration with other CFML engines
- Queries
- QuerySetCell()
- Query Handling In Lucee
- Lucee Sql Types
- <cfquery>
- Search Issue Tracker
- Search Lucee Test Cases (good for further, detailed examples)