cfqueryparam tag description

`<cfqueryparam>` is a ColdFusion tag that is used to parameterize values that are used in the `<cfquery>` tag.

Some of the benefits of using the `<cfqueryparam>` tag include:

  • All special characters are escaped
  • Protection against SQL injection attacks
  • While ColdFusion is not strongly typed, SQL is. The CFSQLTYPE attribute converts the ColdFusion variables to the proper SQL type
  • NULLs can be handled separately from blank strings
  • ColdFusion lists can be converted for use in SQL Select IN statements
  • SQL can make better use of query plans
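
The benefits listed above, shown as an added example that is not part of the original tag description: an interpolated query beside its parameterized form, plus the `list` and `null` attributes. The datasource name `appDsn`, the `users` table and its columns, and the variable names are hypothetical.

```cfml
<!--- Constructed sample inputs; on a real page these would come from the url or form scope --->
<cfset userId    = "42">
<cfset statusCsv = "active,pending">
<cfset nickname  = "">

<!--- Weak form: the value is concatenated into the SQL text,
      so whatever the variable contains becomes part of the statement --->
<cfquery name="qWeak" datasource="appDsn">
    SELECT id, email
    FROM users
    WHERE id = #userId#
</cfquery>

<!--- Parameterized form: each value is sent as a typed bind parameter.
      cfsqltype="cf_sql_integer" rejects a non-integer value before the query runs.
      list="true" expands the comma-delimited list into one bind parameter per item for IN (...) --->
<cfquery name="qUsers" datasource="appDsn">
    SELECT id, email
    FROM users
    WHERE id = <cfqueryparam value="#userId#" cfsqltype="cf_sql_integer">
      AND status IN (
          <cfqueryparam value="#statusCsv#" cfsqltype="cf_sql_varchar" list="true">
      )
</cfquery>

<!--- null="true" sends SQL NULL and ignores the value attribute,
      so a blank string is stored as NULL rather than as '' --->
<cfquery datasource="appDsn">
    UPDATE users
    SET nickname = <cfqueryparam value="#nickname#"
                                 cfsqltype="cf_sql_varchar"
                                 maxlength="50"
                                 null="#NOT len(trim(nickname))#">
    WHERE id = <cfqueryparam value="#userId#" cfsqltype="cf_sql_integer">
</cfquery>
```

Because the SQL text of the parameterized queries is identical on every call, the database can reuse the same query plan for different values.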

For more details

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-p-q/cfqueryparam.html

For cfscript equivalent

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-m-r/queryexecute.html

Also see

cfquery cfml coldfusion sql-execution-plan