Checks the data type of a query parameter.

The cfqueryparam tag is nested within a <cfquery> tag.

It is embedded within the query SQL statement.

If you specify its optional parameters, cfqueryparam also performs data validation.

It's use is essential for performance and security

This tag cannot have a body.

This tag is also supported within <cfscript>

<cfqueryparam value=any sqltype=string cfsqltype=string maxlength=number charset=string scale=number null=boolean list=boolean separator=string >
Attribute Description
any, optional

Specifies the value that Lucee passes to the right of the comparison operator in a where clause.

You can also pass in an Array as the value, which is automatically handled like list="true".

string, optional

The SQL type that the parameter (any type) will be bound to. A list of SQL types can be found on the SQL Type page. All can be used with or without the CF_SQL_ prefix.

number, optional

Maximum length of the parameter. The default value is the length of the string specified in the value attribute.

string, optional

This attribute is used for 2 things: - it checks if the given value is compatible with that charset - to check the binary length of the value (see attribute maxlength).


number, optional

Number of decimal places of the parameter. The default value is zero.

boolean, optional

Yes or No. Indicates whether the parameter is passed as a null. If Yes, the tag ignores the value attribute. The default is No.

boolean, optional

True or False, the default is False

Indicates whether to process the value attribute as a comma delimited list of values, separated by a separator character.

You can also pass an array as a value which automatically achieves the same result and doesn't require list="true", unless list is explictly set to "false"

string, optional

Specifies the character that separates values in the list of parameter values in the value attribute. The default is a comma. If you specify a list of values for the value attribute, you must also specify the list attribute.

Unimplemented Attribute(s)

Attribute Description
string, optional

This attribute has been deprecated, instead, use the attribute "sqltype" that has the same functionality.

* deprecated *


		_test = queryNew("_id,_need,_forWorld","integer,varchar,varchar", [[01,'plant', 'agri'],[02, 'save','water']]);
	<cfquery name="qTest" dbtype="query">
		select * from _test
		where _id = <cfqueryparam sqltype="integer" value="2" />
	<cfdump var="#qtest#" />

See also