validation for standardized SQL types. That validation is for protection
only, in most cases, it's completely insufficient for the specific data of
an app. For example, the INTEGER type will happily let you store a persons
age that is negative or in the millions, as long as it's an integer, so you
almost always have to provide additional validation.
This is even worse with non-standard data types, such as SQL Server's GUID
type, MySQL's SET and ENUM types, etc. The best you can do is to use a
CF_SQL_VARCHAR, which will protect the database as well, but won't provide
you with any validation, so you have to provide external validation.
Bottom line, CFQUERYPARAM is an extra layer of security on your database,
it's not for validation. It can be used that way, but only in a supporting
role.
Cheers,
barneyb
> -----Original Message-----
> From: Lola Lee [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 24, 2004 8:54 AM
> To: CF-Talk
> Subject: RE: Question about CFQUERYPARAM and GUIDs
>
> At 8:38 AM -0800 2/24/04, Barney Boisvert wrote:
> >Any character string will validate if you use
> CF_SQL_VARCHAR, regardless of
> >format. If you want to validate a GUID, you'll have to use
> something more
> >than just CFQUERYPARAM. Easiest is probably a simple Refind
> call, with the
> >appropriate RE. I don't know the exact format of a GUID,
> but it should be
> >something like this (change the numbers, and maybe add
> another segment):
> >
> >isValid =
> refind("^[0-9a-fA-F]{5}-[0-9a-fA-F]{5}-[0-9a-fA-F]{5}$", myGuid);
>
>
>
> Isn't this counterintuitive?
>
> We're being told to use CFQUERYPARAM in cfqueries. But if I
> understand it correctly, there is no CF_SQL types that handle GUIDs.
>
> What we need to be able to do is something like this:
>
> <cfquery "verifyUser">
> select * from user
> where UserID = <cfqueryparam type="CF_SQL_xxx" value="GUID">
> </cfquery>
>
>
> --
>
> Lola - mailto:[EMAIL PROTECTED]
> http://www.lolajl.net | Blog at http://www.lolajl.net/blog/
> I'm in Bowie, MD, USA, halfway between DC and Annapolis.
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
