CF Snippets

Pass a named SQL parameter with queryExecute()

Use parameters for all user-submitted data to protect against SQL injection.

// Each key in the struct becomes a :name placeholder in the SQL string;
// the value is bound by the driver, never spliced into the query text.
var params = {
  username: { value: form.username, sqltype: "varchar" },
  password: { value: form.password, sqltype: "varchar" }
};
// sqltype lets the database validate the bound value against the declared type.
var data = queryExecute(
  "SELECT * FROM users WHERE username=:username AND password=:password",
  params
);
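As an added example, not part of the original snippet, the same named-parameter pattern for the two inputs that most often tempt developers back into string concatenation: a numeric comparison and a comma-separated list used in an IN (...) clause, handled with the list option on the parameter struct. The table and column names (users, id, username, status), the getUsersByStatus() function and the url variables are assumptions.

```cfml
// Added example: named parameters for an integer and for an IN (...) list.
// Table/column names, the function name and the url fields are assumptions.
function getUsersByStatus( required string statusList, required numeric minId ) {
  var params = {
    // cfsqltype makes the driver reject a value that is not a valid integer
    minId: { value: arguments.minId, cfsqltype: "cf_sql_integer" },
    // list: true binds one parameter per element of the comma-separated string,
    // so the IN clause never needs a concatenated value list
    statuses: {
      value: arguments.statusList,
      cfsqltype: "cf_sql_varchar",
      list: true,
      separator: ","
    }
  };
  return queryExecute(
    "SELECT id, username, status FROM users WHERE id >= :minId AND status IN (:statuses)",
    params
  );
}

// Constructed usage with user-controlled input arriving as plain strings.
var activeUsers = getUsersByStatus(
  url.statuses ?: "active,pending",
  val( url.minId ?: 0 )
);
```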