
coldfusion queries


Anytime I'm using a query I need to log into the database (as I don't have ODBC set up to do it).

<cfquery name="rsUser" datasource="dbname" username="admin" password="adminpass">
    SELECT * 
    FROM dbo.UsersView
    WHERE UserID = #session.userid#
</cfquery>

The part I don't like is having the username and password visible every time I make a query. I could use a #parameter# but that is only a small improvement. Any other ideas short of setting up the ODBC on the server?


Solution

  • If you are using a datasource, you don't need to supply the username and password; they are provided when you set up the datasource. If you don't set up a datasource in the CF Administrator, then you have to use the username and password attributes, but you'd also have to supply the db server information as well.

    So, in short, just pull out your username and password and you should be fine.

    Also, it is best practice to use cfqueryparam for values passed into your query (in this case, session.userid). cfqueryparam not only helps protect you against security issues like SQL injection attacks, it also tells the db server to create a prepared statement which will be reused in subsequent calls of the query and thus will increase performance of your queries.
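
The query from the question with both changes applied, as an added example that is not part of the original answer. It assumes the datasource "dbname" was created in the CF Administrator with its credentials stored there, that UserID is an integer column, and that the ColdFusion version supports this.datasource in Application.cfc; the application name and file names are hypothetical.

```cfml
<!--- Application.cfc (hypothetical file for this example).
      The credentials live only in the CF Administrator datasource
      definition, so no template ever contains them. --->
<cfcomponent output="false">
    <cfset this.name = "userApp">        <!--- hypothetical application name --->
    <cfset this.sessionManagement = true>
    <!--- Default datasource: cfquery tags may omit the datasource attribute --->
    <cfset this.datasource = "dbname">
</cfcomponent>

<!--- user.cfm (hypothetical file): the query from the question.
      No username/password attributes, and the session value is bound
      as a typed parameter instead of being interpolated into the SQL. --->
<cfif NOT structKeyExists(session, "userid")
      OR NOT isValid("integer", session.userid)>
    <!--- Stop before touching the database if the value is missing or malformed --->
    <cfthrow type="InvalidSession" message="No valid user id in session.">
</cfif>

<cfquery name="rsUser">
    SELECT *
    FROM dbo.UsersView
    WHERE UserID = <cfqueryparam value="#session.userid#"
                                 cfsqltype="cf_sql_integer">
</cfquery>
```

With cfsqltype set, a non-numeric value raises an error in ColdFusion rather than reaching the database as SQL text.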