Calling Stored Procedures

Most enterprise-level databases (MS SQL Server, DB2, Oracle, Informix, Sybase) support creating special programs within the database called stored procedures. Stored procedures allow you to encapsulate SQL and other database-specific functions in a wrapper that can be called from external applications. There are several reasons to use stored procedures whenever possible in your applications:

  • Stored procedures execute faster than identical code passed using the CFQUERY tag because they are precompiled on the database server.

  • Stored procedures support code reuse. A single procedure needs to be created only once and can be accessed by any number of templates, even different applications and those written in other languages.

  • Stored procedures allow you to encapsulate complex database manipulation routines, often utilizing database-specific functions.

  • Security is enhanced by keeping all database operations encapsulated within the stored procedure. Because ColdFusion passes parameters only to the stored procedure, there is no way to execute arbitrary SQL commands.

There are two ways to call stored procedures in ColdFusion. You can use the CFQUERY tag (which is now outdated) or the CFSTOREDPROC tag (which is new as of ColdFusion Version 4.0). Unfortunately, material on writing stored procedures is beyond the scope of this book. For more information on creating stored procedures, consult the documentation for your specific database.

Using CFSTOREDPROC

The preferred ...

Get Programming ColdFusion now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.