AndyJarrett

SQL injection attacks on the rise

Slashdot is running an article on SQL injection attacks being on the rise. I went through a few of the comments and was glad to see that CF was mentioned in there, though only once. It then reminded me just why I use <cfqueryparam> other than performance. For those of you who are writing your queries, always remember to use <cfqueryparam>. It's good practice and a quick way to prevent these attacks. To find out exactly how this helps, check out the Adobe article at:
http://www.adobe.com/devnet/coldfusion/articles/cfqueryparam.html
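
To make the advice concrete, here is an added example (not taken from the Adobe article or from the original post) showing a query that splices request data into the SQL text, followed by the same query and two common variants bound with <cfqueryparam>. The datasource "appDSN", the "users" and "userRoles" tables, and the URL parameters "id", "lastName" and "roles" are hypothetical names chosen for illustration.

```cfml
<!--- Added example. Hypothetical names: datasource "appDSN", tables "users"
      and "userRoles", URL parameters "id", "lastName", "roles". --->
<cfparam name="url.id" default="0">
<cfparam name="url.lastName" default="">
<cfparam name="url.roles" default="0">

<!--- Before: the URL value is spliced into the SQL text, so whatever the
      client sends becomes part of the statement the database parses. --->
<cfquery name="qUserUnsafe" datasource="appDSN">
    SELECT id, firstName, lastName
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- After: the value is sent as a bind parameter, separate from the SQL
      text. cfsqltype also makes ColdFusion validate the value, so anything
      that is not an integer raises an error before the database is reached. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, firstName, lastName
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Strings: bind as varchar and cap the length to match the column. --->
<cfquery name="qByName" datasource="appDSN">
    SELECT id, firstName, lastName
    FROM users
    WHERE lastName = <cfqueryparam value="#url.lastName#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>

<!--- IN clauses: list="true" binds each comma-separated item as its own
      typed parameter instead of building the list by concatenation. --->
<cfquery name="qByRole" datasource="appDSN">
    SELECT userId, roleId
    FROM userRoles
    WHERE roleId IN (<cfqueryparam value="#url.roles#"
                                   cfsqltype="cf_sql_integer"
                                   list="true">)
</cfquery>
```

<cfqueryparam> binds values only; table names, column names and ORDER BY directions cannot be bound, so anything of that kind that depends on request data should be checked against a fixed list of allowed names before it goes into the query.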