Does cfquery become a prepared statement as long as there’s 1 cfqueryparam? Or are there other conditions?
What happens when the ORDER BY clause or FROM clause is dynamic? Would every unique combination become a prepared statement?
And what happens when we’re doing cfloop with INSERT, with every value cfqueryparam’ed, and invoke the cfquery with different numbers of iterations?
Any potential problems with too many prepared statements?
How does the DB handle prepared statements? Will they be converted into something similar to a stored procedure?
Under what circumstances should we not use prepared statements?
Thank you!
I can answer some parts of your question:
A query will become a preparedStatement as long as there is one <cfqueryparam>. I have in the past added a where 1 = <cfqueryparam value="1"> to queries which didn’t have any dynamic parameters, in order to get them run as preparedStatements.

Most DBs handle preparedStatements similarly to Stored Procedures, just held temporarily, rather than long-term; however, the details are likely to be DB-specific.
Assuming you are using the drivers supplied with ColdFusion, if you turn on the ‘Log Activity’ checkbox in the advanced panel of the DataSource setup, then you’ll get very detailed information about how CF is interacting with the DB and when it is creating a new preparedStatement and when it is re-using them. I’d recommend trying this out for yourself, as so many factors are involved (DB setup, Driver, CF version etc). If you do use the DB logging, re-start CF before running your test code, so you can see it creating the prepared statements, otherwise you’ll just see it re-using statements by ID, without seeing what those statements are.
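
An added example, not part of the question or the answer above, covering the dynamic ORDER BY and looped INSERT cases raised in the question. The datasource, table, column and variable names are assumptions. Since cfqueryparam binds values and cannot stand in for a column name or sort direction, the ORDER BY is chosen from a fixed allowlist, and the INSERT keeps one constant SQL text no matter how many rows are written.

```cfml
<!--- Added example. myDsn, users, invites and the url.* / newEmails names are assumptions. --->
<cfparam name="url.sort" default="name">
<cfparam name="url.dir" default="asc">
<cfparam name="url.status" default="active">

<!--- Map the request value onto known column names; the raw input never reaches the SQL text. --->
<cfset sortColumns = { "name" = "last_name", "joined" = "created_at", "email" = "email" }>
<cfset sortColumn = structKeyExists(sortColumns, url.sort) ? sortColumns[url.sort] : "last_name">
<cfset sortDir = (lCase(url.dir) eq "desc") ? "DESC" : "ASC">

<!--- 3 columns x 2 directions: at most six distinct SQL strings are ever sent to the driver. --->
<cfquery name="qUsers" datasource="myDsn">
    SELECT id, last_name, email, created_at
    FROM users
    WHERE status = <cfqueryparam value="#url.status#" cfsqltype="cf_sql_varchar" maxlength="20">
    ORDER BY #sortColumn# #sortDir#
</cfquery>

<!--- Loop around the cfquery, not inside it: the SQL text is identical for 1 row or 1000 rows. --->
<cfset newEmails = [ "a@example.test", "b@example.test" ]><!--- constructed sample data --->
<cftransaction>
    <cfloop array="#newEmails#" index="addr">
        <cfquery datasource="myDsn">
            INSERT INTO invites (email)
            VALUES (<cfqueryparam value="#addr#" cfsqltype="cf_sql_varchar" maxlength="254">)
        </cfquery>
    </cfloop>
</cftransaction>
```

With 'Log Activity' enabled as described in the answer, the driver log is the place to confirm which of these statements are created and which are re-used on your own setup.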