Tablename/datasource would be completely ignored until the cfform tag
was handling a form, not rendering one.
-joe
----- Original Message -----
From: Burns, John D <[EMAIL PROTECTED]>
Date: Wed, 30 Jun 2004 10:31:14 -0400
Subject: RE: Blackstone @ CF-FUN '04
To: CF-Talk <[EMAIL PROTECTED]>
But wouldn't this end up passing tablename="employee" to the browser? I
don't see how this would be a good thing because then people know that
you have a table named "employee" with the following fields...
That just seems like a bad idea, especially for the "non-hardcore"
developers. They're the same people that probably have less experience
with security and would essentially be telling a hacker -- this is what
my datastructure looks like...come hack me.
All I'm saying is that you give up a certain degree of security for
convenience and that doesn't seem worthy of that unless there's some
workaround (which there quite possibly could be).
John
-----Original Message-----
From: Joe Rinehart [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 30, 2004 10:15 AM
To: CF-Talk
Subject: Re: Blackstone @ CF-FUN '04
John,
You're right in that you could do exactly what I'm describing using
cfinsert/cfupdate, but that still requires the person making the page to
know how to do the code to handle a form update, and this is the "last
mile" that I referred to in my original post.
What I'm describing would probably look like this:
For an insert:
<cfform name="uniqueFormName" datasource="dsn" tablename="employee"
action="">
First Name: <cfinput type="text" name="firstname"><br>
...and so on for fields...
</cfform>
For an update:
<cfform name="uniqueFormName" datasource="dsn" tablename="employee"
primaryKey="employeeId" action="">
First Name: <cfinput type="text" name="firstname"><br>
...and so on for fields...
<input type="hidden" name="employeeId" value="#url.employeeId#">
</cfform>
CFFORM would need to be changed to do the following:
1. If the datasource/tablename attribs are defined, embed a hidden
field at the top/bottom of the field named something like
"submitted_uniqueFormName".
2. If the datasource/tablename attribs are defined, use
cgi.script_name?cgi.query_string for the action of the resultant FORM
tag instead of the ACTION provided.
3. If the datasource/tablename attribs are defined, detect whether or
not "form.submitted_uniqueFormName" exists - if it does, perform the
appropriate cfinsert/cfupdate style action, then redirect to the ACTION
defined in the CFFORM tag.
This is, of course, not the best way to perform validation, not the most
secure solution, and very, very limited - one table, etc. But for the
"I just want to make a form that'll let someone add a row to this table"
crowd, it could simplify things a bit.
-joe
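
The three steps above, written out by hand in CFML for the insert case. This is an added example, not code from the thread or from any shipped CFFORM behaviour. The names dsn, employee, firstname and uniqueFormName come from the post; employeeList.cfm and the 50-character limit are assumptions. The datasource and table name exist only in the server-side handler, so the rendered form carries nothing but the field names and the marker field.

```cfml
<!--- Added example: manual equivalent of steps 1-3 for the insert case.
      "employeeList.cfm" and maxlength="50" are assumed values. --->
<cfset formName = "uniqueFormName">
<cfset marker   = "submitted_" & formName>
<cfset nextPage = "employeeList.cfm">

<!--- Step 3: act only when the marker field was posted back --->
<cfif structKeyExists(form, marker)>
    <cfparam name="form.firstname" type="string" default="">
    <cfif len(trim(form.firstname)) eq 0>
        <cfset errorMessage = "First name is required.">
    <cfelse>
        <!--- Table and column names are fixed on the server. Only the
              value comes from the request, bound as a typed parameter. --->
        <cfquery datasource="dsn">
            INSERT INTO employee (firstname)
            VALUES (<cfqueryparam value="#trim(form.firstname)#"
                                  cfsqltype="cf_sql_varchar" maxlength="50">)
        </cfquery>
        <!--- Redirect to the page the ACTION attribute would have named --->
        <cflocation url="#nextPage#" addtoken="no">
    </cfif>
</cfif>

<!--- Steps 1 and 2: post back to this same page and embed the marker.
      Nothing about the datasource or table is written to the HTML. --->
<cfoutput>
<cfif isDefined("errorMessage")><p>#htmlEditFormat(errorMessage)#</p></cfif>
<form name="#formName#" method="post"
      action="#htmlEditFormat(cgi.script_name & '?' & cgi.query_string)#">
    <input type="hidden" name="#marker#" value="1">
    First Name: <input type="text" name="firstname"><br>
    <input type="submit" value="Save">
</form>
</cfoutput>
```

For the update case, the hidden employeeId is supplied by the browser, so the handler would bind it with cfsqltype="cf_sql_integer" and confirm the current user is allowed to edit that row before running the UPDATE.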

