CFQUERYPARAM, People

I'm amazed at the number of problems that crop up on the mailing lists that can be solved simply by using CFQUERYPARAM rather than inlining values directly. I'm also amazed at the amount of code copied and pasted into emails regarding unrelated problems that doesn't use CFQUERYPARAM.

CFQUERYPARAM is your friend. Use it. Always. If you're a lazy bastard like me, set up keyboard shortcuts. I have three, one for integer, one for varchar and one for timestamp, and they all leave my cursor in position for entering the value.

And yes, I do email code without CFQUERYPARAM included. That code is always code I've typed on the fly for the email, and I almost always make a note immediately afterwards that I didn't use CFQUERYPARAM but you should. Code I email is always for illustrative purposes. If it's "real" code, it'll be a .CFM in an archive attached to the message.
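
To make the contrast concrete, here is an added example (not code from the original post) of the same query written with inlined values and then with CFQUERYPARAM, covering the integer, varchar and timestamp cases mentioned above. The datasource, table, column and form field names are hypothetical.

```cfml
<!--- Constructed example: "myDSN", the "orders" table and the form fields are hypothetical. --->

<!--- Before: request values are interpolated straight into the SQL text.
      The database sees one string, so whatever the client sends becomes part of
      the statement, and every distinct value produces a new statement to parse. --->
<cfquery name="qOrdersInline" datasource="myDSN">
    SELECT order_id, customer_name, placed_at
    FROM   orders
    WHERE  customer_id = #form.customerId#
      AND  status      = '#form.status#'
      AND  placed_at  >= #createODBCDateTime(form.since)#
</cfquery>

<!--- After: each value is sent as a typed bind parameter.
      cfsqltype makes ColdFusion validate the value before the query runs
      (a non-numeric customerId raises an error instead of reaching the database),
      and the value can never be parsed as SQL. --->
<cfquery name="qOrders" datasource="myDSN">
    SELECT order_id, customer_name, placed_at
    FROM   orders
    WHERE  customer_id = <cfqueryparam value="#form.customerId#" cfsqltype="cf_sql_integer">
      AND  status      = <cfqueryparam value="#form.status#" cfsqltype="cf_sql_varchar" maxlength="20">
      AND  placed_at  >= <cfqueryparam value="#form.since#" cfsqltype="cf_sql_timestamp">
</cfquery>

<!--- IN lists are bound the same way: list="true" binds one parameter per element,
      each validated against cfsqltype. --->
<cfquery name="qByIds" datasource="myDSN">
    SELECT order_id, customer_name
    FROM   orders
    WHERE  order_id IN (
        <cfqueryparam value="#form.orderIds#" cfsqltype="cf_sql_integer" list="true">
    )
</cfquery>

<!--- An optional value can be bound as NULL rather than as an empty string. --->
<cfquery name="qSetNote" datasource="myDSN">
    UPDATE orders
    SET    note = <cfqueryparam value="#form.note#" cfsqltype="cf_sql_varchar"
                                null="#not len(trim(form.note))#">
    WHERE  order_id = <cfqueryparam value="#form.orderId#" cfsqltype="cf_sql_integer">
</cfquery>
```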

2 responses to “CFQUERYPARAM, People”

  1. greg cerveny

    Amen.

    Perhaps the next wack, chapter one should read "if you learn one thing from this book it should be cfqueryparam"

  2. cfcoder

    I think the first reason many novices don't use cfqueryparam is the impossibility to utilize cachewithin