Enhancing security with cfqueryparam

Some DBMSs let you send multiple SQL statements in a single query. A hacker might exploit this by modifying a URL or form variable that a dynamic query uses, appending malicious SQL statements to the existing parameter value. Be aware that passing parameters in a query string carries this security risk. The problem is not specific to ColdFusion; it occurs in many development environments, including ASP and CGI. Using the cfqueryparam tag reduces the risk, because the value is sent to the database as a typed, bound parameter instead of being concatenated into the SQL text.
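As an added illustration (not part of the original LiveDocs page), the following shows the same lookup written first with the URL value interpolated directly into the SQL text, then rewritten with cfqueryparam. The datasource name myDSN, the users table, and the url.id and form.username variables are assumptions for the example.

```cfml
<!--- Before: url.id is pasted into the SQL text, so any SQL the client
      appends to the parameter becomes part of the statement. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = #url.id#
</cfquery>

<!--- After: cfqueryparam binds the value as a typed parameter.
      With cfsqltype="cf_sql_integer", ColdFusion validates that the value
      is an integer before the query is sent; the database never sees
      client-supplied text inside the statement. --->
<cfquery name="getUser" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String values get the same treatment; maxlength caps the bound
      value so an oversized input is rejected rather than passed through. --->
<cfquery name="getUserByName" datasource="myDSN">
    SELECT id, username
    FROM users
    WHERE username = <cfqueryparam value="#form.username#"
                                   cfsqltype="cf_sql_varchar"
                                   maxlength="50">
</cfquery>
```

Every value that originates from the client (url, form, cookie, or CGI scope) should be wrapped this way, not only the ones that look numeric; the cfsqltype attribute both selects the bind type and acts as input validation, so choose the type that matches the column rather than defaulting everything to cf_sql_varchar.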
