coldfusion cfml coldfusion-11 cfquery cfqueryparam

ColdFusion queryExecute parameters object?

I started using cfscript in my projects recently. While working with cfscript I used queryExecute() function to run queries. In few situations there was more than one query in the same function. These queries shared some of the same parameters. I was wondering if I can have one structure that will hold all parameters for all queries. This is what I tried:

local.qryParams = structNew();
structAppend(qryParams, {rec_id = {cfsqltype="cf_sql_numeric", value="#arguments.rec_id#"}});
structAppend(qryParams, {position = "#application.position#"});
structAppend(qryParams, {user_id = "#client.userid#"});
structAppend(qryParams, {title = {cfsqltype="cf_sql_varchar", value="#arguments.title#", maxlength: 50}});
structAppend(qryParams, {description = {cfsqltype="cf_sql_varchar", value="#arguments.description#", maxlength: 1000}});

Then I have two variables with SQL:

local.insertSQL = "
    INSERT INTO notes(rec_id, title, description, user_id, last_update) 
    VALUES (:rec_id, :title, :description, :user_id, getDate())
";
local.updateSQL = "
    UPDATE profile
    SET last_update = getDate(),
        user_id = :user_id
    WHERE rec_id = :rec_id
        AND position = :position
";

Then on the very end I have two execute functions:

queryExecute(insertSQL, qryParams , {datasource="#application.datasource#", result: "insertResult"});
queryExecute(updateSQL, qryParams , {datasource="#application.datasource#", result: "updateResult"});

Both functions executed successfully and record was inserted/updated. My questions are:

Is this a good approach to store all query parameters in one structure?
Is there any potential problem or security issue doing it that way?
Any suggestions/comments?

Thank you!

Solution

This is kind of an open ended question, but here goes

Q1: Is this a good approach to store all query parameters in one structure?
A1: Yes, but you may want to consider using entities if you like this.

Q2: Is there any potential problem or security issue doing it that way?
A2: None that I know of

Q3: Any suggestions/comments?
A3:

If your datasource is in application.cfc, you don't need to explicity state it.
You are getting the result the hard way. Consider myResult=QueryExecute(...)
You can build the struct in one shot. You don't need all these structAppend()s. structNew() is way too much typing. Consider {}.
user_id = "#client.userid#" is way too much typing... Just user_id = client.userid is enough.
You changed styles of building structs {cfsqltype="cf_sql_varchar", value="#arguments.title#", maxlength: 50}. IMHO, use : instead of =

Hope this is helpful