We use ColdFusion and a ColdFusion based content management system by PaperThin called CommonSpot.

I encourage my developers to avoid direct access to tables and to use stored procedures for just about everything. We gained a huge performance boost by using this method.

If I understand the process, to run a direct query on a ColdFusion based site.

• The ColdFusion engine has to translate your query so that ODBC can understand it.
• ODBC translates your query into something that it can understand.
• SQL Server takes your query and works out how best to execute it.
• Reverse the above for the recordset

A stored procedure has already worked out how best to run your query and therefore SQL Server can return the records much faster.

Direct selects may also open up your site for SQL Injection attacks.