coldfusion queries

Anytime I'm using a query I need to log into the database (as I don't have ODBC setup to do it)

<cfquery name="rsUser" datasource="dbname" username="admin" password="adminpass">
    SELECT * 
    FROM dbo.UsersView
    WHERE UserID = #session.userid#
</cfquery>

the part I don't like is having the username and password visible every time I make a query. I could use a #parameter# but tha开发者_StackOverflowt is only a small improvement. Any other ideas short of setting up the ODBC on the server?

If you are using a datasource, you don't need to supply the username and password, they are provided when you set up the datasource. If you don't set up a datasource in the CF Administrator, then you have to user username and password attributes but you'd also have to supply the db server information as well.

So, in short, just pull out your username and password and you should be fine.

Also, it is best practice to use for values passed into your query (in this case, session.userid). cfqueryparam not only helps protect you against security issues like SQL injection attacks, it also tells the the db server to create a prepared statement which will be reused in subsequent calls of the query and thus will increase performance of your queries.

Sometimes people don't like to put their username and password into the CF Admin and there is a simple way around that would be to put your datasource information in the Application.cf(c|m).

If using Application.cfm just do the following somewhere in the Application.cfm

Application.dsn = {
    datasource = 'mydatasource',
    username = 'myusername',
    password = 'mypassword'
}

If using Application.cfc place the same code into your onApplicationStart method. Then in your query just use the following

<cfquery name="myquery" attributeCollection="#Application.dsn#">
     SELECT * FROM mytable
</cfquery>

As you can see this makes your code nice and easy to manage and if your DSN changes you only have to change it in one place.