I don't get what you mean. I tried some tests over here and all spaces were
caught. Please give an example.


<cfparam name="variable" type="numeric">
Will this automatically set the default value to "0" even though you aren't
specifying it?
Should it be <cfparam name="variable" type="numeric" default="0">?

Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org


-----Original Message-----
From: Cravens, Billy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 12:11 PM
To: CF-Talk
Subject: RE: Don't leave stuff lying around


>> 3) finally make sure that you don't have an empty string
>> <cfif
>>      variables.username EQ "" OR
>>      variables.password EQ "">
>>      <cflocation url="index.cfm" addtoken="No">
>> </cfif>

Actually, spaces won't be caught - use trim(len(string)) instead


>> Make sure that you also check numeric values
>>
>> <cfparam name="url.id" default="0">
>> <cfset variables.id = val(url.id)>

IMHO, it's easier to use CFParam to throw when an invalid datatype is passed:
<cfparam name="variable" type="numeric">

---
Billy Cravens

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 22, 2002 10:52 AM
To: CF-Talk
Subject: RE: Don't leave stuff lying around

Personally I think this comes from not doing error checks in your code more
than from leaving stuff lying around. Don't get me wrong, I think that at
least once a month you should go through your production site and see if
everything is in order. Actually you should do that with each update. However,
the first lines of every page should be error checking:

1) Check to make sure each variable that is passed to the page exists and
has a default value.
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

2) Qualify the variables passed and make sure that they meet your standard
for length and characters allowed. You have no idea how many people think
that just because they put a maxlength on a form field they are safe.
<!--- Username and password can only be alphanumeric and no more than 50
characters --->
<cfset variables.username = left(trim(ReReplaceNoCase(form.username, "[^A-Za-z0-9]", "", "ALL")), 50)>
<cfset variables.password = left(trim(ReReplaceNoCase(form.password, "[^A-Za-z0-9]", "", "ALL")), 50)>

3) Finally, make sure that you don't have an empty string.
<cfif
        variables.username EQ "" OR
        variables.password EQ "">
        <cflocation url="index.cfm" addtoken="No">
</cfif>


Make sure that you also check numeric values

<cfparam name="url.id" default="0">
<cfset variables.id = val(url.id)>


Anthony Petruzzi
Webmaster
954-321-4703
[EMAIL PROTECTED]
http://www.sheriff.org
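
Editor's added example, not code posted by anyone in the thread. It is the three steps above written out as one page header, with two changes the later replies argue about: the empty-string test uses len(trim()) so a value made only of spaces is bounced, and the numeric id is checked with cfparam type="numeric" inside cftry instead of val(), because val("abc") is 0 and val("12abc") is 12, so a mangled id passes as a real one. The variable names form.username, form.password, url.id and the bounce target index.cfm are the thread's own; everything else is assumed.

```cfml
<!--- Added example, not from the thread. Step 1: every expected
      parameter exists, with a harmless default. --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<!--- Step 2: whitelist the characters and cap the length. maxlength on
      the form field is client-side only and proves nothing on the server. --->
<cfset variables.username = left(trim(ReReplaceNoCase(form.username, "[^A-Za-z0-9]", "", "ALL")), 50)>
<cfset variables.password = left(trim(ReReplaceNoCase(form.password, "[^A-Za-z0-9]", "", "ALL")), 50)>

<!--- Step 3: a bare "EQ ''" treats "   " as non-empty. After the
      whitelist above the strings cannot contain spaces, but a page that
      skips step 2, or whitelists spaces, needs len(trim()) here. --->
<cfif len(trim(variables.username)) EQ 0 OR len(trim(variables.password)) EQ 0>
    <cflocation url="index.cfm" addtoken="No">
</cfif>

<!--- Numeric parameter. cfparam with type="numeric" supplies the default
      when url.id is absent and throws when url.id is present but not a
      number; the cftry turns that throw into the same bounce instead of
      an error page that leaks the stack to the caller. --->
<cftry>
    <cfparam name="url.id" type="numeric" default="0">
    <cfcatch type="any">
        <cflocation url="index.cfm" addtoken="No">
    </cfcatch>
</cftry>
<cfset variables.id = url.id>
```

The difference from the val() version is what happens on bad input: val() coerces and the page runs with a number the caller never sent, whereas the cfparam form refuses and the page stops. Which one you want depends on whether a silently substituted id can do harm further down the page.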


-----Original Message-----
From: Philip Arnold - ASP [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 10:57 AM
To: CF-Talk
Subject: RE: Don't leave stuff lying around


Another option to stop this happening is to have them have a form at the
start - they won't do the work until the form has been submitted...
Stops the search engines bumping into them or WebTrends re-running stuff

Philip Arnold
Technical Director
Certified ColdFusion Developer
ASP Multimedia Limited
Switchboard: +44 (0)20 8680 8099
Fax: +44 (0)20 8686 7911

www.aspmedia.co.uk
www.aspevents.net

An ISO9001 registered company.

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************


> -----Original Message-----
> From: Richard Meredith-Hardy [mailto:[EMAIL PROTECTED]]
> Sent: 22 May 2002 13:29
> To: CF-Talk
> Subject: Don't leave stuff lying around
>
>
> This morning I got into work to discover >3000 error messages generated
> since 4:30 yesterday afternoon with more pouring in by the minute.
>
> I had something of a panic attack as the site has been running with no
> errors for months. As it turned out, I had inadvertently left an old
> "one time" CF script on the server which had rebuilt a stored proc to a
> now-redundant version and was easy enough to undo.
>
> What had done this? IP traces from the site's logs showed the request
> to this rogue script coming from inside the client's gateway. At first I
> suspected someone there who didn't know what they were doing had simply
> been fiddling with the site, but as it turned out, they were running a
> badly configured copy of WebTrends which was itself requesting pages
> that appear in the logfiles. It seems that WebTrends decided to go and
> check it out by requesting it - probably to ascertain its status code,
> and in so doing invoked the stored procedure deletion / re-creation.
>
> Moral: Don't leave stuff lying around.
>
> --
> Regards;
>
> Richard Meredith-Hardy
> -------------------------------------------------------------
> [EMAIL PROTECTED]
> Mob: + 44 7771 526513
>
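
Editor's added example of the form gate Philip suggests for the kind of one-time script Richard describes; it is not code from either of them. A GET, which is all a crawler or a log analyser such as WebTrends sends when it follows a URL from the logs, only renders a confirmation form and stops. The destructive work runs only on a POST that carries the confirmation field, and the run is logged with the caller's address so the next "who did this" question has an answer. The stored-procedure rebuild itself is left as a placeholder comment, since the thread never shows it; the log file name is assumed.

```cfml
<!--- Added example, not from the thread. Gate for a one-time maintenance
      script: anything that is not a confirmed POST gets the form and nothing else. --->
<cfif cgi.request_method NEQ "POST" OR NOT structKeyExists(form, "confirm")>
    <cfoutput>
    <p>This script drops and re-creates the stored procedure. Submit to run it.</p>
    <form action="#cgi.script_name#" method="post">
        <input type="hidden" name="confirm" value="yes">
        <input type="submit" value="Run it">
    </form>
    </cfoutput>
    <cfabort>
</cfif>

<!--- Only a deliberate POST reaches this point. Record who ran it. --->
<cflog file="maintenance" type="information"
       text="One-time script #cgi.script_name# run from #cgi.remote_addr#">

<!--- The stored procedure drop / re-create (the job the thread describes)
      goes here. It is deliberately not shown: the point is the gate above. --->

<cfoutput><p>Done. Now delete this script from the server.</p></cfoutput>
```

The gate stops accidental invocation by anything that walks URLs; it is not an access control, since a hidden field is trivial to forge by hand. It also does not replace the thread's moral: once the job has run, the script comes off the server.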



FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/