In my CF component, I tried to filter data from user input (getSearchString) and run the code, I having problem with WHERE function. Can suggestion what is the correct way?
<cffunction name="getParks" access="remote" returntype="struct">
<cfargument name="page" required="true" />
<cfargument name="pageSize" required="true" />
<cfargument name="gridsortcolumn" required="true" />
<cfargument name="gridsortdirection" required="true" />
<cfargument name="getSearchString" default="" />
<cfif arguments.gridsortcolumn eq "">
<cfset arguments.gridsortcolumn = "parkName" />
<cfset arguments.gridsortdirection = "asc" />
</cfif>
<cfquery name="parks" datasource="cfdocexamples">
select parkName, parkType, city, state
from parks
where <cfqueryPARAM value = "#getSearchString#" CFSQLType = "CF_SQL_VARCHAR">
order by #arguments.gridsortcolumn# #arguments.gridsortdirection#
</cfquery>
<cfreturn queryconvertforgrid(parks, page, pagesize) />