Yeah, AFAIK, there is no way to get CF to parse CF code when it comes out of the DB.
-----Original Message----- From: S. Isaac Dealey [mailto:[EMAIL PROTECTED] Sent: 29 July 2005 16:01 To: CF-Talk Subject: RE: Executing CF function from databased content? Yeah, that sounds kinda dangerous to me too... and I've never heard of it working that way before The alternative I neglected to mention before is to write a custom tag or function which actually writes the content to a file and then includes the file... Of course, you still have to be careful with this because again, it can be dangerous if someone happens to know CF and figures out that you're using db content in a field they can edit to store cf code. <cffunction name="eval" output="true"> <cfargument name="cf" type="string" required="true"> <cfset arguments.file = createUUID() & ".cfm"> <cfset arguments.dir = getdirectoryFromPath(getCurrentTemplatePath())> <cffile action="write" output="#cf#" file="#arguments.dir##arguments.file#"> <cftry> <cfinclude template="#arguments.file#"> <cfcatch></cfcatch> </cftry> <cftry> <cffile action="delete" file="#arguments.dir##arguments.file#"> <cfcatch></cfcatch> </cftry> </cffunction> > This works? I must say I haven't tried it...wouldnt it > pose a security risk? > I mean it would allow any Joe Sixpack who can update > content to add CF tags > to a DB which will then be parsed and executed? > Is this an MX only oddity? > -----Original Message----- > From: Dave Phipps [mailto:[EMAIL PROTECTED] > Sent: 29 July 2005 12:19 > To: CF-Talk > Subject: Re: Executing CF function from databased content? > I have tried this in the past and I managed to get the > following to work: > In your db content you can place > <cfoutput>#LSDateFormat(Now(),"dd/mm/yy)#</cfoutput> > This will output the date when you output the result of > your cfquery. > Not sure if this will work for a UDF though? The key was > placing > <cfoutput></cfoutput> around the variable. s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213269 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
