Up until know I thought that scoping variables with form. that you were guaranteed those variables were coming from a form post.
So now my question is how do you guarantee that the variable came from the form scope? is using form["firstname"] sufficient? What about checking cgi.REQUEST_METHOD for post? Can that variable be spoofed? Thanks! Randy Dave Watts wrote: >> I was surprised today that the following code actually displayed a value: >> >> http://www.cftools.test/formtest.cfm?form.test=test >> >> Here is the code: >> >> <cfoutput> >> #form.test# >> </cfoutput> >> >> >> Why does this work? Is it considered a bug? >> >> I did find that if I referenced the form variable like this >> #form["test"]#, it doesn't work as above. > > You're creating a variable named URL.form.test, and CF 8 is relaxed > enough to not give you a hard time about it. However, there's no form > scope there really, just the URL scope, which is why the second > reference doesn't work. My guess is that if you referenced > URL.form["test"], it would work fine. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313362 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
