<cfqueryparam> is ColdFusion's way of defending against SQL injection attacks. If, however, you just put <cfqueryparam> in your SQL query and do nothing else, a user who enters the wrong type of input (for example, letters where a number is expected) will get a server-side error page, which will make them think your website is broken instead of realizing they entered the wrong type of input.
If you use <cfcatch>, be sure to specify that the type is database if you want to be able to display your own error message.
Here’s an example:
<cfquery name="somequeryname" datasource="somedatasource">
WHERE someotherfield = <cfqueryparam
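The same idea carried through end to end, as an added example rather than the post's own code: the lookup validates the input first, parameterizes the query, and wraps it in <cftry> with a <cfcatch type="database"> that shows a friendly message and logs the real error server-side. The table, column, datasource and URL variable names are assumed for illustration.

```cfml
<!--- Added example. Assumed names: datasource "shopDSN", table orders, URL variable orderId. --->
<cfparam name="url.orderId" default="">

<!--- Reject bad input before it reaches the query, with a message the user can act on. --->
<cfif NOT isValid("integer", url.orderId)>
    <p>Please enter a whole number for the order ID.</p>
    <cfabort>
</cfif>

<cftry>
    <!--- cfqueryparam binds the value as a typed parameter, so it is never spliced into the SQL text. --->
    <cfquery name="getOrder" datasource="shopDSN">
        SELECT order_id, status, placed_on
        FROM orders
        WHERE order_id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfif getOrder.recordCount EQ 0>
        <p>No order with that ID was found.</p>
    <cfelse>
        <cfoutput><p>Order #getOrder.order_id# is #getOrder.status# (placed #dateFormat(getOrder.placed_on, "yyyy-mm-dd")#).</p></cfoutput>
    </cfif>

    <!--- type="database" catches the invalid-parameter error from cfqueryparam as well as real database failures. --->
    <cfcatch type="database">
        <p>We could not look up that order. Please check the ID and try again.</p>
        <!--- Keep the detail server-side; never echo cfcatch.message, cfcatch.detail or the SQL to the browser. --->
        <cflog file="orders" type="error" text="getOrder failed: #cfcatch.message# #cfcatch.detail#">
    </cfcatch>
</cftry>
```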