
CFQUERYPARAM_REQ false positives #282

@TheRealAgentK

Description

I found a bunch of false positives when running CFQUERYPARAM_REQ, all on MS SQL Server. I know on MySQL apparently one can cfqueryparam in the SELECT statement for instance, but MS SQL Server doesn't allow that.

Is there any chance a change/improvement to the SQL parsing process could weed out some or all of those kinds of reports?

  1. SELECT TOP #arguments.numberOfRecords# ...

  2. SELECT something FROM #application.config.LinkedServerName#.somethingelse.dbo.Comment C WITH (NOLOCK)...

  3. <cfqueryparam value="Data copied from #variables.siteDetailList[arguments.siteID]["name"]# - #dateFormat(now(),"DD/MM/YYYY")#" cfsqltype="varchar">

  4. OPEN SYMMETRIC KEY #config.symmetrickey#
    DECRYPTION BY CERTIFICATE #config.dbCertificate#
    ...
    CLOSE SYMMETRIC KEY #config.symmetricKey#

  5. SELECT '#arguments.additionalValue#' AS aID, '#arguments.additionalOption#' AS trans ...
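As an added illustration (not CFLint's own code), here is a small Python heuristic showing how a rule like CFQUERYPARAM_REQ could classify each `#...#` interpolation in a query body by its T-SQL context: cases 1, 2 and 4 above (row count, object name, key/certificate name) come back as "structural, cannot bind", and case 3 is recognised as already sitting inside a cfqueryparam tag. The sample strings are constructed from the issue, and the context regexes are a deliberately narrow assumption rather than a real SQL parser.

```python
import re

# Hypothetical classifier for #var# interpolations in a <cfquery> body.
INTERP = re.compile(r"#([^#]+)#")
CFQUERYPARAM_TAG = re.compile(r"<cfqueryparam\b[^>]*>", re.I)

# T-SQL positions where a bind parameter is not syntactically allowed,
# matched on the text immediately preceding the interpolation (assumed list).
STRUCTURAL_CONTEXTS = [
    ("row_count",   re.compile(r"\bTOP\s+$", re.I)),
    ("object_name", re.compile(r"\b(FROM|JOIN|INTO|UPDATE)\s+$", re.I)),
    ("key_name",    re.compile(r"\bSYMMETRIC\s+KEY\s+$", re.I)),
    ("cert_name",   re.compile(r"\bCERTIFICATE\s+$", re.I)),
]

def classify(query_body):
    """Return [(expression, verdict)] for each #...# in a cfquery body.

    inside_cfqueryparam - interpolation is within a <cfqueryparam> tag: no finding
    structural:<kind>   - a bind is impossible here; ask for validation instead
    needs_cfqueryparam  - ordinary value position: keep reporting it
    """
    protected = [m.span() for m in CFQUERYPARAM_TAG.finditer(query_body)]
    verdicts = []
    for m in INTERP.finditer(query_body):
        if any(s <= m.start() < e for s, e in protected):
            verdicts.append((m.group(1), "inside_cfqueryparam"))
            continue
        before = query_body[:m.start()]
        kind = next((k for k, pat in STRUCTURAL_CONTEXTS if pat.search(before)), None)
        verdicts.append((m.group(1), f"structural:{kind}" if kind else "needs_cfqueryparam"))
    return verdicts

# Constructed samples modelled on the cases in the issue.
SAMPLES = {
    "top": "SELECT TOP #arguments.numberOfRecords# * FROM dbo.Comment",
    "linked": "SELECT c.id FROM #application.config.LinkedServerName#.db.dbo.Comment C WITH (NOLOCK)",
    "param_tag": '<cfqueryparam value="Data copied from #variables.name# - #dateFormat(now(),"DD/MM/YYYY")#" cfsqltype="varchar">',
    "key": "OPEN SYMMETRIC KEY #config.symmetrickey# DECRYPTION BY CERTIFICATE #config.dbCertificate#",
    "where": "SELECT id FROM dbo.Comment WHERE author = '#arguments.author#'",
}

if __name__ == "__main__":
    for name, sql in SAMPLES.items():
        print(name, classify(sql))
```

For the structural verdicts the mitigation is validation rather than binding, for example wrapping the TOP count in `val()` or checking the linked-server name against an allow-list before it reaches the query.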
