Question

Is it possible to pre-process cfquery commands such that cfqueryparam is wrapped around the parameters?

Example:

<cfquery name="local.qry">
SELECT FirstName
FROM Person
WHERE PersonID = #arguments.PersonID#
</cfquery>

Q: Could onRequest pre-process this query to ensure that arguments.PersonID was an integer?

Solution

No. Firstly, onRequest() executes at runtime, by which time all your code has been compiled, so it's not the CFML that's being executed anyhow. So you're too late.

Secondly... why would you be wanting to link a code-writing-time (for lack of a better term) operation to a runtime operation? Code gets written once, then - on even a light-traffic website - gets executed orders of magnitude more frequently than that. So your pre-process operation would be trying to run on code #ordersOfMagnitude-1# times more often than it would be necessary to do so.

Let's step back... what's the underlying problem that had you head down this path in the first place? It's probably that issue that needs looking at, not this notion of pre-processing code at runtime (probably raise a different question, or completely revise this one).

Other tips

I agree with Adam and just wanted to add that if you use cfqueryparam around your arguments it can validate the type for you at runtime. You just need to change your query like so:

<cfquery name="local.qry">
SELECT FirstName
FROM Person
WHERE PersonID = <cfqueryparam cfsqltype="cf_sql_integer" value="#arguments.PersonID#" />
</cfquery>

If arguments.PersonID is not a valid integer the query will not be executed and an error will be thrown.
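
Since the first answer places this check at code-writing time and the second names cfqueryparam as the fix, one way to find queries that still need it is a source scan run before deployment. The following is an added example, not code from either answer: a regex-based heuristic (not a CFML parser) that covers tag-based cfquery only, with hypothetical function and constant names and a constructed sample.

```python
import re

# Each <cfquery ...> ... </cfquery> block; group 1 is the SQL body.
CFQUERY_RE = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
# A whole <cfqueryparam ...> tag, so its value="#...#" is not flagged.
CFQUERYPARAM_RE = re.compile(r"<cfqueryparam\b[^>]*>", re.I | re.S)
# CFML comments, which may contain commented-out interpolations.
CFCOMMENT_RE = re.compile(r"<!---.*?--->", re.S)
# A #expression# interpolation on a single line.
HASH_EXPR_RE = re.compile(r"#([^#\r\n]+)#")

def _blank(match):
    # Overwrite with spaces but keep newlines, so offsets and line numbers survive.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_unparameterized(source):
    """Return (line, expression) for each #...# inside a cfquery body
    that is not wrapped in a <cfqueryparam> tag."""
    source = CFCOMMENT_RE.sub(_blank, source)
    findings = []
    for query in CFQUERY_RE.finditer(source):
        body = CFQUERYPARAM_RE.sub(_blank, query.group(1))
        body = body.replace("##", "  ")  # "##" is an escaped literal hash
        for expr in HASH_EXPR_RE.finditer(body):
            offset = query.start(1) + expr.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, expr.group(1).strip()))
    return findings

# Constructed sample: the question's query followed by the parameterized form.
SAMPLE = '''<cfquery name="local.qry">
SELECT FirstName
FROM Person
WHERE PersonID = #arguments.PersonID#
</cfquery>
<cfquery name="local.safe">
SELECT FirstName
FROM Person
WHERE PersonID = <cfqueryparam cfsqltype="cf_sql_integer" value="#arguments.PersonID#" />
</cfquery>
'''

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line, expr in find_unparameterized(fh.read()):
                print(f"{path}:{line}: #{expr}# is not wrapped in cfqueryparam")
```

Run it with template paths as arguments, for example from a pre-commit hook or CI job, and treat each reported line as a query to convert.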

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow