If you have read my previous posts on "Execution Plans" and Data Binding you know I am a big believer in using Cfqueryparam for performance as well as security. Today I picked up a tip on this topic from harelmalka.com (a blog I had never read before). I had never considered it before, but a query with no "WHERE" clause does not using binding because it lacks the opportunity. Therefore, a statement like:
<CFQUERY ...>
SELECT * FROM Users
</CFQUERY>
Would not include a prepare statement and not hit the execution plan. Hmmm.... The solution (originally detailed by
Barny) is to add a superfluous binding merely for the purpose of kicking off the "prepare statement" method. Like so:
<CFQUERY ...>
SELECT * FROM Users
WHERE 1 = <cfqueryparam cfsqltype="CF_SQL_INTEGER" value="1">
</CFQUERY>
That get's the job done nicely.