QueryParam Scanner

QueryParam Scanner is a tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag. Once complete, it will display a list of files with queries to be checked.
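The check described above can be sketched as follows. This is an added example, not QueryParam Scanner's own code or algorithm: the function name, the regular expressions and the sample CFML are constructed for illustration, and the sketch only inspects the body of each cfquery block.

```python
import re

# A whole <cfquery ...>...</cfquery> block; group 1 is the SQL body only,
# so attributes such as datasource="#dsn#" are not inspected.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
# A <cfqueryparam ...> tag (assumes no ">" inside its attribute values).
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# A #variable# or #expression# that the CFML engine evaluates.
HASH_EXPR = re.compile(r"#([^#\r\n]+)#")

def unparameterised_variables(cfml):
    """Return [(line_of_cfquery_tag, [expressions outside cfqueryparam])]."""
    findings = []
    for match in CFQUERY.finditer(cfml):
        body = match.group(1).replace("##", "")  # "##" is a literal hash
        body = CFQUERYPARAM.sub("", body)         # drop parameterised values
        exprs = HASH_EXPR.findall(body)
        if exprs:
            line = cfml.count("\n", 0, match.start()) + 1
            findings.append((line, exprs))
    return findings

# Constructed sample input, not taken from any real codebase.
SAMPLE = '''<cfquery name="getUser" datasource="#dsn#">
    SELECT id, name FROM users
    WHERE id = #url.id#
</cfquery>

<cfquery name="getUserSafe" datasource="#dsn#">
    SELECT id, name FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfquery name="search" datasource="#dsn#">
    SELECT id FROM items
    WHERE colour = '##ff0000'
      AND owner = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
    ORDER BY #form.sortColumn#
</cfquery>
'''

if __name__ == "__main__":
    for line, exprs in unparameterised_variables(SAMPLE):
        print(f"cfquery at line {line}: check {', '.join(exprs)}")
```

The first and third queries are reported for review; the second is not, because its only variable sits inside a cfqueryparam tag.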

The latest released version is v0.7.4 which can be downloaded from the Hybridchill Project Download page or from this GitHub page.

There is a release candidate for the next version currently available on GitHub, for further details see this blog entry.

There is also an Eclipse Plugin available. The preferred install method is through Eclipse Update, using the URL in the readme file within the download above; if you want to install manually, you can instead download the JAR file.

If you have any problems, questions, or feedback of any sort please use the contact details below.


QueryParam Scanner makes use of features that require a Java-based CFMX-compatible engine.

However, it can be run against CFML code written for any engine, including CF5.

The following engines have been tested to ensure compatibility with the current release:

For the following engines, you will need to use v0.7.3.1, available at GitHub.

If you do not have one of these engines to run the tool with, Railo Express is recommended as the fastest way to get going.


Please send any questions or queries relating to QueryParam Scanner via email to qpscanner_project@hybridchill.com


The current release (v0.7) of qpScanner has the following features:

Future Features / Wishlist

The following features are scheduled for v0.8:

The following features are on the wishlist, but no guarantees can be given:

If there are any features you want implemented, please let me know.