Think of validation like a pair of funnels (input/output) with business logic in the middle. Your data must pass through the funnel successfully on input before being put into the business logic. On output, data must be passed through a screen to ensure it doesn't contain any malicious metacharacters, such as < or > for XSS.

-dhs


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Dissent is the purest form of patriotism."
    --Thomas Jefferson


On Sep 28, 2006, at 4:19 PM, Mischa Uppelschoten ext 10 wrote:

Any reason to validate before the <cfquery> as some suggested or is it just personal preference vs doing in the SQL statement?

** Purely personal, I just like my SQL to look clean. If you have to do this for 30 fields, I'd write a quick function:

<cffunction name="CleanupVar" returntype="string">
 <cfargument name="FormValue" type="string" required="true">
 <cfset var NewVal = "">
 <!--- An empty form field becomes the SQL literal NULL; anything else is passed back unchanged --->
 <cfif arguments.FormValue EQ "">
    <cfset NewVal = "Null">
 <cfelse>
    <cfset NewVal = arguments.FormValue>
 </cfif>
 <cfreturn NewVal>
</cffunction>

and then call it like

<cfquery...

UPDATE MyTable
SET MySmallDateTime = #CleanupVar(form.SmallDateTimeValue)#


I hope that makes sense.



-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------

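The two points above (validate on the way in, screen on the way out, and turn an empty field into a real NULL) put together in one page, as an added example that is not code from either poster. Table and column names are the ones used in the thread; the `id` column, `form.id`, and the `myDSN` datasource are assumptions. The difference from the snippet above is that the form value is bound with `cfqueryparam` rather than written into the SQL text, so the query never sees the value as SQL:

```cfml
<!--- Added example, not from the original thread. Assumed: datasource "myDSN",
      an integer "id" column on MyTable, and a form field "id". --->

<!--- Input funnel: the field may be blank or a date, nothing else reaches the query --->
<cfset dateValue = trim(form.SmallDateTimeValue)>
<cfif len(dateValue) AND NOT isDate(dateValue)>
    <cfthrow type="ValidationError"
             message="SmallDateTimeValue must be a date or left blank.">
</cfif>

<!--- null="true" sends a real SQL NULL; otherwise the value is bound as a
      timestamp parameter, so it is data to the database, never part of the statement --->
<cfquery datasource="myDSN">
    UPDATE MyTable
    SET    MySmallDateTime = <cfqueryparam cfsqltype="cf_sql_timestamp"
                                           value="#dateValue#"
                                           null="#NOT len(dateValue)#">
    WHERE  id = <cfqueryparam cfsqltype="cf_sql_integer" value="#form.id#">
</cfquery>

<!--- Output funnel: when echoing the submitted value back to the page,
      encode it so < and > cannot be interpreted as markup --->
<cfoutput>
    <p>Saved date: #HTMLEditFormat(dateValue)#</p>
</cfoutput>
```

Because `cfqueryparam` takes care of NULL via its `null` attribute, the helper function is no longer needed for that job, and the same pattern scales to thirty fields without the SQL getting any less clean.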