ColdFusion

ColdFusion provides a tag called cfqueryparam that should be used for every externally supplied value whenever you write inline queries with cfquery; it passes the value to the database as a bound parameter instead of splicing it into the SQL text.

    <cfquery datasource="#application.dsn#" name="qryTest" maxrows="#intRows#">
        SELECT FirstName, LastName, Phone
        FROM tblUser
        WHERE Status = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.status#">
    </cfquery>

If you have stored procedures in your database, you can call them using the cfstoredproc tag and pass each argument with a cfprocparam tag, which binds the value the same way cfqueryparam does.
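The following is an added example, not code from the original page. It places the unsafe concatenated query beside the cfqueryparam form, then goes beyond the page's single case: binding a list for an IN clause, handling a column name (which cannot be bound) through an allowlist, and calling a stored procedure with cfprocparam. It reuses application.dsn, tblUser and intRows from the page; the form fields statusList and sort and the procedure name usp_GetUsersByStatus are assumptions made for the example.

```cfml
<!--- Constructed example, not from the original page. Assumes the datasource
      in application.dsn and the tblUser table from the page, plus a
      hypothetical stored procedure usp_GetUsersByStatus. --->

<!--- Vulnerable: form.status is pasted into the SQL text, so whatever the
      request contains becomes part of the statement. --->
<cfquery datasource="#application.dsn#" name="qryUnsafe">
    SELECT FirstName, LastName, Phone
    FROM tblUser
    WHERE Status = '#form.status#'
</cfquery>

<!--- Hardened: cfqueryparam sends the value as a bound parameter, so the
      driver never interprets it as SQL. maxlength also rejects oversized input. --->
<cfquery datasource="#application.dsn#" name="qryUsers" maxrows="#intRows#">
    SELECT FirstName, LastName, Phone
    FROM tblUser
    WHERE Status = <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
                                 value="#form.status#"
                                 maxlength="20">
</cfquery>

<!--- Binding a list for IN (...): list="true" turns the comma-separated
      value into one bound parameter per element (form.statusList is assumed). --->
<cfquery datasource="#application.dsn#" name="qryByStatuses">
    SELECT FirstName, LastName, Phone
    FROM tblUser
    WHERE Status IN (
        <cfqueryparam cfsqltype="CF_SQL_VARCHAR"
                      value="#form.statusList#"
                      list="true">
    )
</cfquery>

<!--- Identifiers (column and table names, sort direction) cannot be bound.
      Map the request value onto a fixed allowlist instead of inlining it
      (form.sort is assumed). --->
<cfset sortColumns = { "name" = "LastName", "phone" = "Phone" }>
<cfset sortKey = structKeyExists(sortColumns, form.sort) ? form.sort : "name">
<cfquery datasource="#application.dsn#" name="qrySorted">
    SELECT FirstName, LastName, Phone
    FROM tblUser
    WHERE Status = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.status#">
    ORDER BY #sortColumns[sortKey]#
</cfquery>

<!--- Stored procedure: each argument goes through cfprocparam, which binds it
      the same way cfqueryparam does; cfprocresult names the returned rows. --->
<cfstoredproc procedure="usp_GetUsersByStatus" datasource="#application.dsn#">
    <cfprocparam type="in" cfsqltype="CF_SQL_VARCHAR"
                 value="#form.status#" maxlength="20">
    <cfprocresult name="qryProcUsers">
</cfstoredproc>

<cfoutput query="qryProcUsers">
    #FirstName# #LastName# #Phone#<br>
</cfoutput>
```

The allowlist step matters because cfqueryparam only binds values: a column name or ORDER BY direction taken from the request still has to be checked against a fixed set before it is written into the SQL string.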
