Definitely define defaults for form/url variables.  It's amazing how many
sites will throw an error if you delete a url variable.

Another thing that comes to mind is testing for query results when
outputting a query.  Take the following url for example:

product.cfm?prodID=789

You may be testing for the existence of prodID, but if a user changed the
value of prodID to "1", it will still pass your <cfif isDefined("prodID")>
test.

But, your query would probably not return any results.  So, after you run
your query, test against the recordcount.  If no records were returned,
handle it somehow.

I've seen a lot of sites that will show a blank screen where the results
should have been.

BTW, I would probably handle this by first defining the default, then
testing for a numeric var, something like:

<!--- DEFINE DEFAULT FOR PRODUCT ID --->
<cfparam name="url.prodID" default="">

<!--- IF PRODUCT ID IS NOT NUMERIC --->
<cfif not isNumeric(url.prodID)>
  <!--- HANDLE INVALID PRODUCT ID --->

<cfelse>
  <!--- QUERY DATABASE --->
  <cfinclude template="qry_productDetail.cfm">

  <cfif not val(qDetail.recordCount)>
    <!--- HANDLE PRODUCT NOT FOUND --->

  <cfelse>
    <!--- DISPLAY THE RESULTS --->

  </cfif>
</cfif>

HTH,

Brad

> -----Original Message-----
> From: Cornillon, Matthieu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 16, 2002 7:26 PM
> To: CF-Talk
> Subject: protecting against strange navigation
>
>
> I am about to release a system that has been beaten up and tested
> extensively.  For the most part, it works whether you run it backwards or
> forwards, and it has all sorts of error handling.  But all that cost a lot
> of time.  A large part of it had to do with protecting against the user who
> goes through some strange sequence of pages.  It's impossible to test, of
> course, for every such possibility, and as a backup, the error handler gives
> them an "Unknown Problem" page.  But I am wondering whether there are any
> best practices established for dealing with strange user behavior.
>
> I am asking this without specific examples on purpose, as I am not so much
> interested in the particular solution to a particular problem as I am in
> global habits to adopt.  One thing I would imagine being involved is using
> CFPARAM statements to make sure that all variables used on the page are set
> to values that will put the page at a default state.  Are there other things
> that one might in general look for?
>
> Thanks,
> Matthieu
> 
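
The default / validate / check-recordCount pattern from the reply above, filled in as an added example that is not part of the original thread. The query is written inline in place of qry_productDetail.cfm; the datasource variable, table and column names, and the choice of 400/404 status codes are assumptions.

```cfml
<!--- ADDED EXAMPLE: everything except url.prodID and qDetail is an assumed name --->

<!--- DEFINE DEFAULT SO A DELETED URL VARIABLE CANNOT THROW --->
<cfparam name="url.prodID" default="">

<!--- isNumeric() also accepts values such as 1.5 or -3, so require a
      plain positive integer that fits a 32-bit column --->
<cfif not reFind("^[0-9]{1,9}$", url.prodID) or url.prodID eq 0>
  <!--- HANDLE INVALID PRODUCT ID: say so, with a status code, not a blank page --->
  <cfheader statuscode="400" statustext="Bad Request">
  <cfoutput><p>That product link is not valid.</p></cfoutput>

<cfelse>
  <!--- QUERY DATABASE: bind the already-validated value as a typed parameter --->
  <cfquery name="qDetail" datasource="#application.dsn#">
    SELECT prodID, prodName, price
    FROM   products
    WHERE  prodID = <cfqueryparam value="#url.prodID#" cfsqltype="cf_sql_integer">
  </cfquery>

  <cfif qDetail.recordCount eq 0>
    <!--- HANDLE PRODUCT NOT FOUND: well-formed ID, but no such row --->
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput><p>We could not find that product.</p></cfoutput>

  <cfelse>
    <!--- DISPLAY THE RESULTS: escape text columns on output --->
    <cfoutput query="qDetail">
      <h1>#htmlEditFormat(prodName)#</h1>
      <p>#dollarFormat(price)#</p>
    </cfoutput>
  </cfif>
</cfif>
```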