I'm working on a form to go with my shiny new CFC/Form Bean I just made. I have a matching database table with fields such as:
firstName [varchar(30)], lastname [varchar(50)], birthDate [smalldatetime], etc. When I create my form fields, should I enforce a max limit or just control the size of the visible portion of the field? For example: <input type="text" size="30"> Or <input type="text" size="30" maxlength="30"> My issue with controlling the maxlength of the field is what happens if the user enters some nasty characters such as "<" or ">"? When I display the form field, I use HTMLEditFormat() to ensure nothing bad happens when the data is displayed: <input type="text" size="30" value="#htmlEditFormat(myData)#"> Let's say the user typed in 30 characters and hit the max length of the form field. One, or more of those characters could be escaped by the HTMLEditFormat() function. Now, the length of the value is greater than 30 characters. Now what? I will have server-side validation of the data that will check for a valid length. So, if I have that, is it OK to leave out the maxlength attribute? I'm leaning that direction. Thanks MAD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:197871 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
