I don’t need to write anything on the benefits of using CFQUERYPARAM; there have been many articles over the years doing just that. Instead I am going to cut to the chase and simply state:

‘If you are using CFQUERY, then you should always use CFQUERYPARAM when passing in dynamic data (anything coming from a variable, a form or a URL), end of story’.

OK, that was a bit short and dull, so here are three very good reasons:

1. Reduces the risk of SQL injection: the value is sent to the database as a bind parameter rather than being spliced into the SQL text, so attacker-supplied input cannot change the structure of the query.
2. Makes data more ‘SQL happy’: because the value travels separately from the statement, problematic characters such as single quotes and backslashes need no escaping and arrive at the database intact, as data.
3. Forces you to think about the data being passed into your query: you declare a cfsqltype (and optionally a maxlength), and ColdFusion rejects a value that does not fit that type before the query is ever sent, so fewer mistakes are made.
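
The three points above, side by side in code. This is an added example and not part of the original post; the datasource name (myDSN), the table (users) and its columns (id, username, email, age) are assumed for illustration.

```cfml
<!--- Added example, not from the original post. Datasource, table and column names are assumed. --->
<cfparam name="url.username" default="">
<cfparam name="url.age"      default="18">
<cfparam name="url.ids"      default="1,2,3">
<cfparam name="form.email"   default="">

<!--- VULNERABLE: the value is concatenated into the SQL text.
      A username of   x' OR '1'='1   rewrites the WHERE clause into a tautology
      and returns every row in the table. --->
<cfquery name="qUserUnsafe" datasource="myDSN">
    SELECT id, username, age
    FROM   users
    WHERE  username = '#url.username#'
</cfquery>

<!--- HARDENED: cfqueryparam sends the value as a bind parameter, separate from the
      statement text. A single quote inside url.username arrives as data, not syntax,
      so nothing has to be escaped by hand. maxlength rejects over-long input. --->
<cfquery name="qUser" datasource="myDSN">
    SELECT id, username, age
    FROM   users
    WHERE  username = <cfqueryparam value="#url.username#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- TYPED PARAMETER: if url.age is not an integer (e.g. "18 OR 1=1"), ColdFusion throws
      an "Invalid data" error before the query reaches the database. --->
<cfquery name="qAdults" datasource="myDSN">
    SELECT id, username
    FROM   users
    WHERE  age >= <cfqueryparam value="#url.age#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- LIST PARAMETER: list="true" binds each comma-separated item as its own typed
      parameter, which is how you parameterise an IN (...) clause. --->
<cfquery name="qSelected" datasource="myDSN">
    SELECT id, username
    FROM   users
    WHERE  id IN (<cfqueryparam value="#url.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- NULL PARAMETER: null="true" sends SQL NULL instead of an empty string. --->
<cfquery name="qByEmail" datasource="myDSN">
    SELECT id, username
    FROM   users
    WHERE  email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar"
                                 null="#NOT len(trim(form.email))#">
</cfquery>

<!--- CAVEAT: bind parameters can only carry values. A column name or sort direction
      cannot be parameterised, so anything like ORDER BY must be checked against a
      fixed whitelist before it is written into the SQL text. --->
<cfset sortCols = "username,age">
<cfparam name="url.sort" default="username">
<cfif NOT listFindNoCase(sortCols, url.sort)>
    <cfset url.sort = "username">
</cfif>
<cfquery name="qSorted" datasource="myDSN">
    SELECT id, username, age
    FROM   users
    ORDER  BY #url.sort#
</cfquery>
```

Try the first two queries with url.username set to x' OR '1'='1 : the unsafe version returns the whole table, the parameterised version returns no rows because it looks for a user literally named that string. The last block is the one place cfqueryparam cannot help, which is why the whitelist check is there.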

Not enough information for you? Read this excellent article from Adobe (ColdFusion 8 documentation): http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=queryDB_5.html#1142383
