RE: Need to toggle URL and FORM vars

Nat Papovich Mon, 17 Jul 2000 14:46:26 -0700
But if you attributes scope that "dbupdated" variable, you might kiss
yourself later. Imagine if, when demo-ing the yet unfinshed app to your
client, for some inexplicable reason, dbupdated gets whacked or out of line
somehow. It's expecting "Widget was added successfully", but it's getting
"Widget added successfully". Now your app is broken until you access the
source code and change the conditional to check for the different text
string. But if, in the midst of this demo, you remember that dbupdated is
attributes scoped, you can append
"dbupdated=Widget%20was%20added%20successfully" to your url string, and it
works! (provided that cfset was instead a cfparam, but you get the idea).

Now before eveyone points out the obvious security loopholes here, I'll say
it. IMPROPER CODING CREATES OBVIOUS SECURITY LOOPHOLES. This allows for
greater flexibility, but more chance of things going "differently".

Also, if you use attributes scope in your logic code, you can do cool stuff
like post the search string to the url string so if a user wants to bookmark
a search results page, they sure as heck can, because the your search
results processing page will handle a search query via a form variable, url
variable, or (heck) even attributes variable if you ever wanted to cfmodule
your search circuit.

100%?

-----Original Message-----
From: Erik Voldengen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 17, 2000 10:05 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Need to toggle URL and FORM vars


Nope.  Now you are down to 97%.

The VARIABLES scope is great for things like:

<cfset dbupdated="Widget was added successfully">

in an act file, and

<cfoutput>#Variables.dbupdated#</cfoutput>

in a dsp_ file that immediately follows that act_ file
within the <CFCASE>.


> -----Original Message-----
> From: McCollough, Alan [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 17, 2000 9:58 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Need to toggle URL and FORM vars
> 
> 
> Ah, the lightbulb is up to 98% on. So as a principle, do you 
> scope every
> occurence of a variable with the attributes. prefix?
> 
> Alan McCollough
> Web Programmer
> Alaska Native Medical Center
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Need to toggle URL and FORM vars

Reply via email to
