I do your method for sometimes and it is a method I picked up years ago and slowly am getting out of. Do a cfparam to a value that is not acceptable then do a check on the validity of the value later. The reason I would do it was to enforce datatype checking via the CFPARAM tack such as if the field needs to be numeric then I might default it to -1 that way if it is -1 then someone got to my action page incorrectly but I avoid a cf error on the CFPARAM.
On Tue, Jan 27, 2009 at 10:54 AM, Ecung II,Ramon J <[email protected]>wrote: > Yeah, that's how I typically handle server side input handling. I taught > myself CF about a year ago so I probably picked up some bad habits from > figuring things out and reading others code online and such. > > > > The IsValid function looks like it's going to be a great help. > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Ken Auenson, II > *Sent:* Tuesday, January 27, 2009 10:49 AM > > *To:* [email protected] > *Subject:* [houcfug] Re: CFFORM Question > > > > Ramon, > You mentioned originally that all fields are required. > If they are required, than using CFParam is making them non-required by > giving them a default value. > or... > did I misread your statement? > reading it again, I think what you are saying is... > for an age field example, you have > <cfparam name="URL.Age" default="-1" /><cfif URL.Age EQ -1 ><cfset errorMsg > = "Please enter a valid age" /></cfif> > is that right? > well, this isn't anything too terribly wrong here... > It's a bit backwards than the way I would approach it, but it does seem to > take care of the basics. > this, in combination with the information Aaron posted below, will help to > make your forms bulletproof. > > On Tue, Jan 27, 2009 at 10:08 AM, Aaron Rouse <[email protected]> > wrote: > > You can do checks such as if it is a valid email address, if it is numeric > and so on. Check on ranges, for example if you take in an address via a > textarea but your database only will allow 500 characters. Kind of a > combination of functions. > > > > Hopefully this link will work, if not it is the first result from google on > the function. > > > > > http://livedocs.adobe.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=ColdFusion_Documentation&file=00000534.htm > > > > > > On Tue, Jan 27, 2009 at 10:03 AM, Ecung II,Ramon J <[email protected]> > wrote: > > I typically use cfparam to create a variable with a default value, and > check against the default value using a cfif. Does IsValid() offer any > benefits other than the method I use? (Such as using less server memory by > not creating variables, ect.) > > > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Aaron Rouse > *Sent:* Tuesday, January 27, 2009 9:57 AM > > > *To:* [email protected] > *Subject:* [houcfug] Re: CFFORM Question > > > > My understanding is some screen readers do not handle it at all. All > discussions I have been in over 508 compliance have pretty much resulted in > cannot rely on JavaScript for anything. Though it does seem like every > place and person has a different interpretation of 508 and some of those > being vastly different than the others. > > > > On another note, I'd also look into the IsValid() CF function for the > server side validation. I'd check to make sure required fields are > populated and I would also ensure they are the proper datatype for the > database and also do not exceed any size restrictions on the database side. > > On Tue, Jan 27, 2009 at 9:49 AM, Ken Auenson <[email protected]> > wrote: > > In case this has never come up for you before, and for anyone reading this > later in our archives: > The reason you should always have server-side validation is that the user > could have JS turned off. > If you are on an intranet where the user environment is controlled, it is > less of an issue, but for internet facing sites it is very important. In > general, you want to do everything you can to prevent users from ever seeing > a ColdFusion error. > I can't speak to 508 issues, but i am not sure how screen readers would > handle the JS validation, either. > > Good luck! > > -- > Ken > ------------------------------ > > *From: *Aaron Rouse <[email protected]> > *Sent: *Tuesday, January 27, 2009 9:16 AM > > > *To: *[email protected] > *Subject: *[houcfug] Re: CFFORM Question > > You really should have had server side checking anyway. I'd take a quick > look at jQuery form validation or any of the other JS offerings, you > probably could quickly get it in there when taking out some of the CFFORM > stuff. > > On Tue, Jan 27, 2009 at 8:50 AM, Ecung II,Ramon J <[email protected]> > wrote: > > Something along the lines of this: > > > > <cfif not len(textbox1)> > <cfset errorMsg = "textbox1 is required"> > </cfif> > > > > > > > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Ajas Mohammed > *Sent:* Tuesday, January 27, 2009 8:48 AM > > > *To:* [email protected] > *Subject:* [houcfug] Re: CFFORM Question > > > > By server side messaging you mean _Required hidden fields or something > else? > > <Ajas Mohammed /> > > > > [The entire original message is not included] > > > > > > > > > -- > > Aaron Rouse > http://www.happyhacker.com/ > > > > > > > > > > > -- > Aaron Rouse > http://www.happyhacker.com/ > > > > > > > > > -- Aaron Rouse http://www.happyhacker.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [email protected] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
