CF8 Server Monitor Question

2009-04-16 Thread Experienced Coldfusion Developer

Hi folks,

I have a situation at work where the following is occurring.  We are in a Linux 
based (websphere) environment running CF 8.  When we try to launch the Server 
Monitor, the initial screen says ‘ColdFusion is not currently running’, but 
it is.  The context is reported as ‘iws’, when in actuality, it is 
‘IWS’.  If we update the context to IWS, we can login to the monitor.  
Unfortunately, however, the ‘start monitoring’ button is not available and 
all we can do is look around, but we can’t actually do any monitoring.

Any thoughts?

Thanks!

Dave


~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321643
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Verity and the parenthesis characters?

2009-04-16 Thread Joe None

How do you send in a parenthesis () value to Verity without it throwing up? 
I've tried URLEncodedFormat() and URLDecode(), neither seems to work well. An 
example of a search value would be plan(b). 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321644


Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread BobSharp

I have been searching for some explanation of 
the different  Types  used in  CFQueryParam.  

understand that SCALE=  is used to validate the position of decimal,   
but still confused by ...  FLOAT, DECIMAL,  MONEY, MONEY4.  


I am using  CFquery   INSERT  
do I need to use CFQueryParam   for all values ? 





-- 
I am using the free version of SPAMfighter.
We are a community of 6 million users fighting spam.
SPAMfighter has removed 12962 of my spam emails to date.
Get the free SPAMfighter here: http://www.spamfighter.com/len

The Professional version does not have this message



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321645


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Francois Levesque

Hi Bob,
Check here for a list of the available options and their corresponding data
types for some major SQL providers (for some reason MySQL isn't there):
http://www.cfquickdocs.com/cf8/#cfqueryparam.

As for your question, generally using cfqueryparam is recommended for any
value that could be provided by the user. The main purpose is to eliminate
SQL injection attacks by binding the parameters and preventing the use of
SQL commands within the values (see http://xkcd.com/327/ for a fun example).
It also provides some level of optimization.

Personally I've taken the habit of putting it pretty much for all my
dynamic values in my queries. It just helps me sleep better at night.

hth

Francois Levesque
http://blog.critical-web.com/


On Thu, Apr 16, 2009 at 10:49 AM, BobSharp bobsh...@ntlworld.com wrote:


> I have been searching for some explanation of
> the different  Types  used in  CFQueryParam.
>
> understand that SCALE=  is used to validate the position of decimal,
> but still confused by ...  FLOAT, DECIMAL,  MONEY, MONEY4.
>
> I am using  CFquery   INSERT
> do I need to use CFQueryParam   for all values ?








 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321646


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dave Watts

> I have been searching for some explanation of
> the different  Types  used in  CFQueryParam.
>
> understand that SCALE=  is used to validate the position of decimal,
> but still confused by ...  FLOAT, DECIMAL,  MONEY, MONEY4.

These correspond with specific database field types. You'd need to
know what your database is looking for to choose the most appropriate
data type in CF. That said, you can usually use FLOAT with any
floating point database field, but it won't give you the same level of
precision that the more specific types provide.

> I am using  CFquery   INSERT
> do I need to use CFQueryParam   for all values ?

Any time you use user-supplied values in a query, you should use
CFQUERYPARAM. It doesn't matter whether it's an INSERT, UPDATE, DELETE
or SELECT.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more inf

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321647


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Gerald Guido

Bob
I have a function that sniffs out the CF data type based on the SQL
datatype. I am not sure if it is 100% as I have not tested it extensively.
But this should handle most of the MSSQL and MYSQL datatypes.

HTH

G!

http://coz.pastebin.com/f588cde23

On Thu, Apr 16, 2009 at 10:49 AM, BobSharp bobsh...@ntlworld.com wrote:


> I have been searching for some explanation of
> the different  Types  used in  CFQueryParam.
>
> understand that SCALE=  is used to validate the position of decimal,
> but still confused by ...  FLOAT, DECIMAL,  MONEY, MONEY4.
>
> I am using  CFquery   INSERT
> do I need to use CFQueryParam   for all values ?








 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321648


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Gerald Guido

This is the link to the function code in case it was not apparent from my
post... I really need to slow down. ;o)

http://coz.pastebin.com/f588cde23

G!




-- 
Gerald Guido
http://www.myinternetisbroken.com
http://www.cfsimple.org/

To invent, you need a good imagination and a pile of junk.
-- Thomas A. Edison


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321649


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

I've always been curious as to how cfqueryparam works. Does anyone know if
it just performs some scanning and filtering on the actual values of the
parameters passed to it or whether it somehow signals to the RDBMS that the
values are parameters to the query thereby treating an SQLI attack as an
escaped string or something?

cfqueryparam errors when you try to use it outside a cfquery tag, which
limits some of the stuff you can do with it. ( Like using cfsavecontent to
have various cffunctions append SQL to a query and then popping that
variable inside of a cfquery tag ).

Is there some other way to leverage the parameterized safety of
cfqueryparam? Can you do it using pure SQL? The database driver? Any ideas
on how I could provide the same security outside of cfquery tags?


On Thu, Apr 16, 2009 at 9:32 AM, Gerald Guido gerald.gu...@gmail.com wrote:

> This is the link to the function code in case it was not apparent from my
> post... I really need to slow down. ;o)
>
> http://coz.pastebin.com/f588cde23
>
> G!
>
> --
> Gerald Guido
> http://www.myinternetisbroken.com
> http://www.cfsimple.org/
>
> To invent, you need a good imagination and a pile of junk.
> -- Thomas A. Edison


 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321650


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dave Watts

> I've always been curious as to how cfqueryparam works. Does anyone know if
> it just performs some scanning and filtering on the actual values of the
> parameters passed to it or whether it somehow signals to the RDBMS that the
> values are parameters to the query thereby treating an SQLI attack as an
> escaped string or something?

It builds a prepared statement. It doesn't scan or filter anything.

> cfqueryparam errors when you try to use it outside a cfquery tag, which
> limits some of the stuff you can do with it. ( Like using cfsavecontent to
> have various cffunctions append SQL to a query and then popping that
> variable inside of a cfquery tag ).
>
> Is there some other way to leverage the parameterized safety of
> cfqueryparam? Can you do it using pure SQL? The database driver? Any ideas
> on how I could provide the same security outside of cfquery tags?

You could build a prepared statement yourself.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321651


cfzip with password

2009-04-16 Thread Richard White

Hi

is there a way to password protect a file that we zip up using cfzip

i have searched the internet and found lots of things to do with reading a zip 
file that has a password on it, but nothing to do with actually setting the 
password when we zip it up

thanks 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321652


cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Joel Black

I have a very strange issue and need someone to tell me I'm not crazy.  I am 
querying a database, saving the content, and writing it to an xml file.  The 
formatting is all perfect to the format we had testing the xml file.  By the 
way, flash is reading the XML.  The strange part, the application writes the 
XML file, and the spacing is there.  You open the xml with windows, resave it, 
and try to load it again in flash, same spacing problem.  If you open the XML 
with Mac, resave it exactly the same, reload it to the flash and the spacing is 
perfect.  If you open and resave the XML with mac dreamweaver, it works, 
otherwise it puts spaces between the lines.  here is the code, and a link to 
the site with spaces.

http://blackbeardesign.com/temp/resave-with-mac.jpg
http://blackbeardesign.com/temp/save-from-cf-or-windows.jpg

<!--- get the xml content ready --->
<cfsavecontent variable="theXml"><?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data[
<!ELEMENT title (comments, image)>
<!ATTLIST title name CDATA #REQUIRED>
<!ELEMENT comments (#PCDATA)>
<!ELEMENT image (#PCDATA)>

]>
<data><cfoutput query="data">
<title name="#data.title#">
<comments>#data.comments#
</comments>
<image>Assets/thumbs/#data.image#</image>
<flv>../../Assets/flv/#data.flv#</flv>
  </title>
</cfoutput>
</data>
</cfsavecontent>
<!--- then write the xml --->
<cffile action="write" file="#xmldir#/data.xml" output="#theXml#" charset="utf-8">


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321653


file permissions

2009-04-16 Thread Richard White

Hi

i saw someone discussing the need for file permissions on files that write to 
the file system, but do not understand this subject well enough to know what to 
do

we have a lot of files in one of our applications that write xml and MS Excel 
spreadsheets and know that we need to set file permissions but don't understand 
the following:

1) what permissions do we need to set on these
2) do we need to set a password on these files
3) if so will the application still run, or do we need to set something up that 
will allow the system to access them

we also have some folders that contain sensitive zip files etc... so how can we 
set a password on these and how will the system interact with them if a 
password is set on the folder?

basically we are confused about how all this works and would appreciate any 
guidance or tutorials that will help us understand

thanks


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321654


autosuggest issue

2009-04-16 Thread Priya Koya

Hi,

Sample code before I say anything about the issue..
<cfform>
Name:<cfinput type="text" name="lookup"
   autosuggest="cfc:cfcName.getEMPID({cfautosuggestvalue})"> <br />
Department:
<cfselect name="userID" id="userID" bind="cfc:cfcName.getName({lookup})"
display="userID"
value="userID"
bindOnLoad="false" />
</cfform>

cfc code..

<cfcomponent>
<!---function to return dept based on user name--->
<cffunction name="getName" access="remote" output="false"
returntype="query">
<cfargument name="route_num">

<cfquery name="get_bnk_name" datasource="cfdocexamples">
SELECT  emp_id as UserID
FROM Employees
where UCase(FirstName) =Ucase('#ARGUMENTS.route_num#')
</cfquery>
   <cfreturn get_bnk_name>
</cffunction>

<!---function to return emp name  based on entered letter--->
<cffunction name="getEMPID" access="remote" output="false"
returntype="string">

  <cfargument name="route_num">

<cfquery name="get_bnk_name" datasource="cfdocexamples">
SELECT  FirstName,emp_id
FROM Employees
where UCase(FirstName) LIKE Ucase('%#ARGUMENTS.route_num#%')

</cfquery>
 <cfreturn ValueList(getEMPID.FirstName)>

</cffunction>
</cfcomponent>


I am using autosuggest to display the data in the text field as I start keying 
the id, and once the id is selected I get the name back in the select statement 
successfully.
I am done with it, but my concern is when I key in the id I should get the 
dropdown list in this format: id-firstname.
ex: if id is 1 
and the respective employer name is daniel then the autosuggest dropdown 
should show 1-Daniel.

I tried using something like this:

<cffunction name="getEMPID" access="remote" output="false"  returntype="string">
  <cfargument name="route_num">
<cfquery name="get_bnk_name" datasource="cfdocexamples">
SELECT  FirstName,emp_id
FROM Employees
where UCase(FirstName) LIKE Ucase('%#ARGUMENTS.route_num#%')

</cfquery>
<cfset arrayName = listtoarray(ValueList(getEMPID.FirstName))>
<cfset arrayemp_id = ListtoArray(ValueList(getEMPID.emp_id))>

<cfset bankname=arraynew(1)>
<cfset empName[i] = listtoarray(arrayName[i] '-' arrayemp_id[i])>
<cfreturn empName>

</cffunction>

I would really appreciate any suggestions.

Thanks,
Priya 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321655


2 applications on one server

2009-04-16 Thread Richard White

hi

we are trying to place 2 applications on one vps for the first time and would 
like some guidance on whether there is anything we need to think about in terms 
of conflicts etc...

basically i am confused as to how this works with 2 application.cfc's

each one of the applications should be totally separate but how does coldfusion 
know which application.cfc to use and how come they don't conflict with each 
other?

thanks


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321656


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Ian Skinner

Dave Watts wrote:
> > it somehow signals to the RDBMS that the
> > values are parameters to the query thereby treating an SQLI attack as an
> > escaped string or something?
>
> It builds a prepared statement. It doesn't scan or filter anything.

Thus the database knows the data is data and not commands and does not 
try to execute commands that just may happen to be in the data.

> > Any ideas
> > on how I could provide the same security outside of cfquery tags?
>
> You could build a prepared statement yourself.

There you go.


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321657
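
The mechanism described in the replies above, as an added example that is not part of the original thread: a prepared statement keeps the SQL text and the values apart, so SQL can be assembled piece by piece in separate functions (the cfsavecontent use case raised earlier) as long as each piece carries its own bound values. Python's sqlite3 stands in for the database driver here; the Fragment class, the helper names, the table and its rows are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employees ("
               "emp_id INTEGER PRIMARY KEY, FirstName TEXT, Salary REAL)")
    db.executemany("INSERT INTO Employees (FirstName, Salary) VALUES (?, ?)",
                   [("Daniel", 52000.0), ("Dana", 61000.0), ("Priya", 70000.0)])
    return db


class Fragment:
    """A piece of SQL text plus the values bound to its '?' placeholders."""

    def __init__(self, sql="", params=()):
        self.sql = sql
        self.params = tuple(params)

    def __add__(self, other):
        # Joining fragments joins the text and the parameter lists in step,
        # so placeholders and values always stay in the same order.
        return Fragment(self.sql + " " + other.sql, self.params + other.params)


def name_contains(text):
    # The user's value never enters the SQL text; only a placeholder does.
    return Fragment("UPPER(FirstName) LIKE UPPER(?)", ["%" + text + "%"])


def salary_at_least(amount):
    # float() raises ValueError on anything that is not a number, which is the
    # kind of type check a typed parameter performs before the query runs.
    return Fragment("Salary >= ?", [float(amount)])


def find_employees(db, *conditions):
    """Assemble the statement from fragments, then execute it with bound values."""
    query = Fragment("SELECT emp_id, FirstName FROM Employees")
    for i, cond in enumerate(conditions):
        query = query + Fragment("WHERE" if i == 0 else "AND") + cond
    query = query + Fragment("ORDER BY emp_id")
    rows = db.execute(query.sql, query.params).fetchall()
    return query.sql, rows


def find_concatenated(db, text):
    """The pattern to avoid: the value is pasted into the statement text."""
    sql = ("SELECT emp_id, FirstName FROM Employees "
           "WHERE FirstName LIKE '%" + text + "%' ORDER BY emp_id")
    return db.execute(sql).fetchall()


# Constructed input that contains SQL syntax.
HOSTILE = "zzz' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(find_employees(db, name_contains("dan"), salary_at_least("60000")))
    print("bound:       ", find_employees(db, name_contains(HOSTILE))[1])
    print("concatenated:", find_concatenated(db, HOSTILE))
```

With the bound version the database compares FirstName against the literal text of the input and finds nothing; with the concatenated version the same input changes the WHERE clause and every row comes back.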


Re: cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Ben Nadel

This might be a line-delimiter problem. I believe windows uses both the
return and newline characters:

\r\n

Linux based machines, on the other hand, I think only use one of
them...\n maybe? Not sure.

-- 
Ben Nadel
Adobe Community Expert
Adobe Certified Advanced ColdFusion Developer
Manager New York ColdFusion User Group
http://www.bennadel.com

Need ColdFusion Help?
http://www.bennadel.com/Ask-Ben


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321658


Re: 2 applications on one server

2009-04-16 Thread Dave Watts

> each one of the applications should be totally separate but how does
> coldfusion know which application.cfc to use and how come they don't
> conflict with each other?

When you run a CF file, CF looks within the directory of that file for
Application.cfc or Application.cfm. If it doesn't find either, it
looks in the parent directory, and so on until it finds one of those
files or it reaches the root of the drive.

So, if you want separate applications, you put them in separate directories.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321659


Re: cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Rob Parkhill

Try wrapping the content in a <cfprocessingdirective suppresswhitespace="true">
Rob

On Thu, Apr 16, 2009 at 12:56 PM, Ben Nadel b...@bennadel.com wrote:


> This might be a line-delimiter problem. I believe windows uses both the
> return and newline characters:
>
> \r\n
>
> Linux based machines, on the other hand, I think only use one of
> them...\n maybe? Not sure.
>
> --
> Ben Nadel
> Adobe Community Expert
> Adobe Certified Advanced ColdFusion Developer
> Manager New York ColdFusion User Group
> http://www.bennadel.com
>
> Need ColdFusion Help?
> http://www.bennadel.com/Ask-Ben


 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321660


Re: cfzip with password

2009-04-16 Thread Dave Watts

> is there a way to password protect a file that we zip up using cfzip
>
> i have searched the internet and found lots of things to do with reading a
> zip file that has a password on it, but nothing to do with actually setting
> the password when we zip it up

I don't think CFZIP supports that. You can either use something to
modify the zip file after you create it, or use something else to zip
the files in the first place. There are plenty of command-line tools
that you could invoke from CFEXECUTE to do this.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321661


Re: 2 applications on one server

2009-04-16 Thread Ian Skinner

Richard White wrote:
> basically i am confused as to how this works with 2 application.cfc's
>
> each one of the applications should be totally separate but how does
> coldfusion know which application.cfc to use and how come they don't
> conflict with each other?

As the documentation discusses in great length with examples and pictures...

ColdFusion starts with the location of the file being requested and looks 
in that directory for first an Application.cfc file and then an 
Application.cfm.  If it does not find either of these in that directory 
it goes up to the parent directory and looks for first an 
Application.cfc and then an Application.cfm file.  It continues this 
search up the directory tree until it finds either an Application.cfc 
file or an Application.cfm file or reaches the *file* root directory.  
Note this can be above the web root.

If your two applications are in separate and distinct directory 
structures and these directory trees have separate Application files 
then the applications will be independent.


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321662
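
The lookup order described in the two replies above, written out as an added example that is not part of the original thread: for each template under a web root it reports which Application file would govern it and whether that file sits outside the web root. It models only the directory walk as described here, not ColdFusion itself; the function names and the sample tree are constructed for illustration.

```python
import os

# Checked in this order in every directory, as described in the thread.
APPLICATION_FILES = ("Application.cfc", "Application.cfm")


def resolve_application_file(template_path):
    """Return the Application file that governs template_path, or None."""
    directory = os.path.dirname(os.path.abspath(template_path))
    while True:
        for name in APPLICATION_FILES:
            candidate = os.path.join(directory, name)
            if os.path.isfile(candidate):
                return candidate
        parent = os.path.dirname(directory)
        if parent == directory:          # reached the file-system root
            return None
        directory = parent


def audit_webroot(webroot):
    """Map each template (path relative to webroot) to a tuple
    (governing Application file or None, True if that file is inside webroot)."""
    webroot = os.path.abspath(webroot)
    report = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for filename in files:
            if filename in APPLICATION_FILES:
                continue
            if not filename.lower().endswith((".cfm", ".cfc")):
                continue
            template = os.path.join(dirpath, filename)
            app_file = resolve_application_file(template)
            inside = (app_file is not None and
                      os.path.commonpath([webroot, app_file]) == webroot)
            report[os.path.relpath(template, webroot)] = (app_file, inside)
    return report


def build_sample_tree(base):
    """Create a constructed directory layout under base and return its web root."""
    layout = [
        "Application.cfm",                    # above the web root
        "webroot/app1/Application.cfc",
        "webroot/app1/index.cfm",
        "webroot/app1/admin/users.cfm",       # inherits app1's Application.cfc
        "webroot/app2/index.cfm",             # no Application file of its own
        "webroot/app3/Application.cfc",       # both present: .cfc wins
        "webroot/app3/Application.cfm",
        "webroot/app3/index.cfm",
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return os.path.join(base, "webroot")


if __name__ == "__main__":
    import tempfile
    root = build_sample_tree(os.path.realpath(tempfile.mkdtemp()))
    for template, (app_file, inside) in sorted(audit_webroot(root).items()):
        flag = "" if inside else "   <-- governed from outside the web root"
        print(f"{template:25} {app_file}{flag}")
```

In the sample tree, app2 has no Application file of its own, so its template is picked up by the one above the web root, which is the case the note about the file root refers to.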


Re: file permissions

2009-04-16 Thread Dave Watts

> i saw someone discussing the need for file permissions on files that write
> to the file system, but do not understand this subject well enough to know
> what to do
>
> we have a lot of files in one of our applications that write xml and MS
> Excel spreadsheets and know that we need to set file permissions but don't
> understand the following:
>
> 1) what permissions do we need to set on these
> 2) do we need to set a password on these files
> 3) if so will the application still run, or do we need to set something up
> that will allow the system to access them

Without knowing what you're trying to accomplish, it's difficult to
answer this question.

> we also have some folders that contain sensitive zip files etc... so how
> can we set a password on these and how will the system interact with them
> if a password is set on the folder?

If you're using IIS, you can set permissions on files and folders, and
browser users will then need to provide a valid set of credentials
that match those permissions. If you're using Apache, you could do
something similar with .htaccess files rather than permissions. If you
want to handle permissions through CF rather than through your web
server, you'll need to serve the files using CFCONTENT rather than
letting people get them through the web server directly.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321663


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Am I correct in assuming ( after just having skimmed the topic with Google )
that to do that within CFML I'd have to drop into Java and use the MySQL
Java API to achieve that?



On Thu, Apr 16, 2009 at 10:36 AM, Dave Watts dwa...@figleaf.com wrote:


> > I've always been curious as to how cfqueryparam works. Does anyone know if
> > it just performs some scanning and filtering on the actual values of the
> > parameters passed to it or whether it somehow signals to the RDBMS that the
> > values are parameters to the query thereby treating an SQLI attack as an
> > escaped string or something?
>
> It builds a prepared statement. It doesn't scan or filter anything.
>
> > cfqueryparam errors when you try to use it outside a cfquery tag, which
> > limits some of the stuff you can do with it. ( Like using cfsavecontent to
> > have various cffunctions append SQL to a query and then popping that
> > variable inside of a cfquery tag ).
> >
> > Is there some other way to leverage the parameterized safety of
> > cfqueryparam? Can you do it using pure SQL? The database driver? Any ideas
> > on how I could provide the same security outside of cfquery tags?
>
> You could build a prepared statement yourself.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/


 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321664


Re: 2 applications on one server

2009-04-16 Thread Richard White

we have 2 different directories for both applications however will the 
application scope conflict?

we use modelglue and coldspring which loads items into the application scope, 
but we are noticing these are conflicting... it seems as though when we go to 
one application it is overwriting the application variables of the other 
application





> Richard White wrote:
> > basically i am confused as to how this works with 2 application.cfc's
> >
> > each one of the applications should be totally separate but how does
> > coldfusion know which application.cfc to use and how come they don't
> > conflict with each other?
>
> As the documentation discusses in great length with examples and
> pictures...
>
> ColdFusion starts with the location of the file being requested and looks
> in that directory for first an Application.cfc file and then an
> Application.cfm.  If it does not find either of these in that directory
> it goes up to the parent directory and looks for first an
> Application.cfc and then an Application.cfm file.  It continues this
> search up the directory tree until it finds either an Application.cfc
> file or an Application.cfm file or reaches the *file* root directory.
> Note this can be above the web root.
>
> If your two applications are in separate and distinct directory
> structures and these directory trees have separate Application files
> then the applications will be independent.


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321665


Re: file permissions

2009-04-16 Thread Richard White

thanks dave, it was actually based on your comments in another post that got me 
thinking about this

it was in a post to do with hacking and you said that the person should look 
through the site and set permissions on any file that writes to the file system.

i also want to make sure that if someone cannot access a folder that has 
sensitive files but want to make sure our coldfusion application will still be 
able to access that folder

should i understand the cfcontent tag?





  i saw someone discussing the need for file permissions on files that 
 write to the file
  system, but do not understand this subject well enough to know what 
 to do
 
  we have a lot of files in one of our applications that write xml and 
 MS Excel spreadsheets
  and know that we need to set file permissions but dont understand 
 the following:
 
  1) what permissions do we need to set on these
  2) do we need to set a password on these files
  3) if so will the application still run, or do we need to set 
 something up that will allow the
  system to access them
 
 Without knowing what you're trying to accomplish, it's difficult to
 answer this question.
 
  we also have some folders that contain sensitive zip files etc... so 
 how can we set a
  password on these and how will the system interact with them if a 
 password is set on the
  folder?
 
 If you're using IIS, you can set permissions on files and folders, 
 and
 browser users will then need to provide a valid set of credentials
 that match those permissions. If you're using Apache, you could do
 something similar with .htaccess files rather than permissions. If 
 you
 want to handle permissions through CF rather than through your web
 server, you'll need to serve the files using CFCONTENT rather than
 letting people get them through the web server directly.
 
 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/
 
 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more 
information! 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321666


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Actually, it looks like as long as I managed my prepared statement naming
manually across the entire MySQL server I'd be ok to just run multiple
queries in a row ( because CF8 with MySQL breaks for me if I try more than
one statement separated by semicolons ).

So it'd play out like this, for anyone curious:

<cfquery/>
prepare statement #appName#_someIdentifier
' select * from ? '

<cfquery/>
set @p1 := '#userSuppliedValue#'

<cfquery/>
execute #appName#_someIdentifier using @p1

That sure is a lot of cfquery tags, considering you'd need an extra cfquery
for each parameter.
But I wonder if that would totally break because CF could be executing
multiple queries in parallel through the same MySQL connection and the
interwoven execution of all of these queries might make them overlap and
overwrite each other's values. Is that about accurate?




2009/4/16 David McGuigan davidmcgui...@gmail.com

 Am I correct in assuming ( after just having skimmed the topic with Google
 ) that to do that within CFML I'd have to drop into Java and use the MySQL
 Java API to achieve that?




 On Thu, Apr 16, 2009 at 10:36 AM, Dave Watts dwa...@figleaf.com wrote:


  I've always been curious as to how cfqueryparam works. Does anyone know
 if
  it just performs some scanning and filtering on the actual values of the
  parameters passed to it or whether it somehow signals to the RDBMS that
 the
  values are parameters to the query thereby treating an SQLI attack as an
  escaped string or something?

 It builds a prepared statement. It doesn't scan or filter anything.

  cfqueryparam errors when you try to use it outside a cfquery tag, which
  limits some of the stuff you can do with it. ( Like using cfsavecontent
 to
  have various cffunctions append SQL to a query and then popping that
  variable inside of a cfquery tag ).
 
  Is there some other way to leverage the parameterized safety of
  cfqueryparam? Can you do it using pure SQL? The database driver? Any
 ideas
  on how I could provide the same security outside of cfquery tags?

 You could build a prepared statement yourself.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321667


Re: cfzip with password

2009-04-16 Thread Richard White

ok thanks will look into it

  is there a way to password protect a file that we zip up using 
 cfzip
 
  i have searched the internet and found lots of things to do with 
 reading a zip file that has a
  password on it, but nothing to do with actually setting the password 
 when we zip it up
 
 I don't think CFZIP supports that. You can either use something to
 modify the zip file after you create it, or use something else to zip
 the files in the first place. There are plenty of command-line tools
 that you could invoke from CFEXECUTE to do this.
 
 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/
 
 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more 
information! 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321668


Re: 2 applications on one server

2009-04-16 Thread Wil Genovese

not if you name each application with a unique name.

We run thousands of applications on a single server, each with a  
unique name, and there are no problems.


Wil Genovese

One man with courage makes a majority.
-Andrew Jackson

A fine is a tax for doing wrong. A tax is a fine for doing well.

On Apr 16, 2009, at 1:10 PM, Richard White wrote:


 we have 2 different directories for both applications however will  
 the application scope conflict?

 we use modelglue and coldspring which loads items into the  
 application scope, but we are noticing these are conflicting... it  
 seems as though when we go to one application it is overwriting the  
 application variables of the other application





 Richard White wrote:
 basically i am confused as to how this works with 2 application.cfc's

 each one of the applications should be totally separate but how does
 coldfusion know which application.cfc to use and how come they dont
 conflict with each other?

 As the documentation discusses in great length with examples and
 pictures...

 ColdFusion starts with the location of the file being requested and
 looks in that directory for first an Application.cfc file and then an
 Application.cfm.  If it does not find either of these in that
 directory it goes up to the parent directory and looks for first an
 Application.cfc and then an Application.cfm file.  It continues this
 search up the directory tree until it finds either an Application.cfc
 file or an Application.cfm file or reaches the *file* root directory.

 Note this can be above the web root.

 If your two applications are in separate and distinct directory
 structures and these directory trees have separate Application files
 then the applications will be independent.


 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321669


Re: 2 applications on one server

2009-04-16 Thread Ian Skinner

Richard White wrote:
 we have 2 different directories for both applications however will the 
 application scope conflict?

Ahh different issue.

ColdFusion distinguishes different applications by the application name 
string.  Any template, in any directory running under any application 
cfc or application.cfm file and the same server that share the same 
application name will be considered to be the same application.  And 
thus they will share the same application scope variables.

So change the name of one of the applications within either the 
this.name = "" or <cfapplication name=""> command that you used.





Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321670


Re: 2 applications on one server

2009-04-16 Thread Dave Watts

 we have 2 different directories for both applications however will the 
 application scope
 conflict?

Not if your applications, and the components they use, are within two
completely separate directories.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321671


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Update: You can actually enable multiple statements in a single query in
ColdFusion by appending allowMultiQueries=true to your datasource connection
string!


2009/4/16 David McGuigan davidmcgui...@gmail.com

 Actually, it looks like as long as I managed my prepared statement naming
 manually across the entire MySQL server I'd be ok to just run multiple
 queries in a row ( because CF8 with MySQL breaks for me if I try more than
 one statement separated by semicolons ).

 So it'd play out like this, for anyone curious:

 <cfquery/>
 prepare statement #appName#_someIdentifier
 ' select * from ? '

 <cfquery/>
 set @p1 := '#userSuppliedValue#'

 <cfquery/>
 execute #appName#_someIdentifier using @p1

 That sure is a lot of cfquery tags, considering you'd need an extra cfquery
 for each parameter.
 But I wonder if that would totally break because CF could be executing
 multiple queries in parallel through the same MySQL connection and the
 interwoven execution of all of these queries might make them overlap and
 overwrite each other's values. Is that about accurate?




 2009/4/16 David McGuigan davidmcgui...@gmail.com

 Am I correct in assuming ( after just having skimmed the topic with Google
 ) that to do that within CFML I'd have to drop into Java and use the MySQL
 Java API to achieve that?




 On Thu, Apr 16, 2009 at 10:36 AM, Dave Watts dwa...@figleaf.com wrote:


  I've always been curious as to how cfqueryparam works. Does anyone know
 if
  it just performs some scanning and filtering on the actual values of
 the
  parameters passed to it or whether it somehow signals to the RDBMS that
 the
  values are parameters to the query thereby treating an SQLI attack as
 an
  escaped string or something?

 It builds a prepared statement. It doesn't scan or filter anything.

  cfqueryparam errors when you try to use it outside a cfquery tag, which
  limits some of the stuff you can do with it. ( Like using cfsavecontent
 to
  have various cffunctions append SQL to a query and then popping that
  variable inside of a cfquery tag ).
 
  Is there some other way to leverage the parameterized safety of
  cfqueryparam? Can you do it using pure SQL? The database driver? Any
 ideas
  on how I could provide the same security outside of cfquery tags?

 You could build a prepared statement yourself.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321672


Re: cfzip with password

2009-04-16 Thread Andy Allan

cfzip doesn't support passwords because the underlying Java support
doesn't (at least it didn't at the time of going to press), so as Dave
says you'll need to look at using it in combination with cfexecute

Andy

2009/4/16 Richard White rich...@j7is.co.uk:

 ok thanks will look into it

  is there a way to password protect a file that we zip up using
 cfzip
 
  i have searched the internet and found lots of things to do with
 reading a zip file that has a
  password on it, but nothing to do with actually setting the password
 when we zip it up

 I don't think CFZIP supports that. You can either use something to
 modify the zip file after you create it, or use something else to zip
 the files in the first place. There are plenty of command-line tools
 that you could invoke from CFEXECUTE to do this.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more
 information!

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321673


RE: 2 applications on one server

2009-04-16 Thread Mark Kruger

Dave,

If the application name is the same in both directories they will share
the same application scope.

-mark
 


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com] 
Sent: Thursday, April 16, 2009 12:26 PM
To: cf-talk
Subject: Re: 2 applications on one server


 we have 2 different directories for both applications however will the 
 application scope conflict?

Not if your applications, and the components they use, are within two
completely separate directories.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction
at our training centers in Washington DC, Atlanta, Chicago, Baltimore,
Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321674


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Jason Fisher

And for all those reading this and using MSSQL, an inline statement would look 
like this:

<cfquery ...>
declare @p1 nvarchar(50)

set @p1 = '#userSuppliedValue#'

select *
from tableName
where column = @p1
</cfquery>

So, basically cfqueryparam is creating the Declare and Set for you. 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321675


Re: 2 applications on one server

2009-04-16 Thread Richard White

thanks for your comments it is now separating the 2 but the names were 
different the only thing we changed was:

<cfcomponent>
<cfset application.name = "Project1"/>

to

<cfcomponent>
<cfset this.name = "Project1"/>


why would changing it from 'application' to 'this' rectify this conflict

thanks


 Richard White wrote:
  we have 2 different directories for both applications however will 
 the application scope conflict?
 
 Ahh different issue.
 
 ColdFusion distinguishes different applications by the application 
 name 
 string.  Any template, in any directory running under any application 
 
 cfc or application.cfm file and the same server that share the same 
 application name will be considered to be the same application.  And 
 thus they will share the same application scope variables.
 
 So change the name of one of the applications within either the 
 this.name = "" or <cfapplication name=""> command that you used.
 
 
 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321676


Re: 2 applications on one server

2009-04-16 Thread Dave Watts

 If the application name is the same in both directories they will share
 the same application scope.

Yeah, I would have thought that went without saying, but I guess not.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321677


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Francois Levesque

Actually, I believe cfqueryparam uses bindings, which effectively passes
parameters to the SQL engine. In your example, you are still open to SQL
injection attacks.

However, if you need to use your value several times, you can use declare /
set to define a variable in SQL, rather than using multiple cfqueryparam
statements:

<cfquery ...>
declare @p1 nvarchar(50)

set @p1 = <cfqueryparam cfsqltype="cf_sql_varchar"
value="#userSuppliedValue#" />

select *
from tableName
where column = @p1 and othercolumn <> @p1
</cfquery>

Francois Levesque
http://blog.critical-web.com/


On Thu, Apr 16, 2009 at 2:29 PM, Jason Fisher ja...@wanax.com wrote:


 And for all those reading this and using MSSQL, an inline statement would
 look like this:

 <cfquery ...>
 declare @p1 nvarchar(50)

 set @p1 = '#userSuppliedValue#'

 select *
 from tableName
 where column = @p1
 </cfquery>

 So, basically cfqueryparam is creating the Declare and Set for you.

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321678


Re: 2 applications on one server

2009-04-16 Thread Dave Watts

 thanks for your comments it is now separating the 2 but the names were 
 different the only thing we changed was:

 <cfcomponent>
 <cfset application.name = "Project1"/>

 to

 <cfcomponent>
 <cfset this.name = "Project1"/>

 why would changing it from 'application' to 'this' rectify this conflict

Within Application.cfc, this.name is how you name an application,
and application.name is how you refer to a variable called name
from within the Application scope. That variable is not the
application name, it's just a variable called name. Without
this.name, your application doesn't have a name.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321679


Re: 2 applications on one server

2009-04-16 Thread Ian Skinner

Richard White wrote:
 why would changing it from 'application' to 'this' rectify this conflict

 thanks
   

Because it does! :-)  I don't know why this is but this.name and the 
equivalent <cfapplication name=""> don't set a variable named 
application.name they set a variable named application.applicationName.

And I honestly don't know what would happen if you tried to set 
application.applicationName directly.  I suspect it would be 
unpredictable.  I just follow the documentation that tells me to use 
this.name OR <cfapplication name="">



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321680


Re: 2 applications on one server

2009-04-16 Thread Richard White

thanks for all your comments, i also read that in the documentation but it 
didn't even register that this.name and application.name wouldn't be 
equivalent... but it does make sense

thanks again for the help


  thanks for your comments it is now separating the 2 but the names 
  were different the only thing we changed was:
 
  <cfcomponent>
  <cfset application.name = "Project1"/>
 
  to
 
  <cfcomponent>
  <cfset this.name = "Project1"/>
 
  why would changing it from 'application' to 'this' rectify this 
 conflict
 
 Within Application.cfc, this.name is how you name an application,
 and application.name is how you refer to a variable called name
 from within the Application scope. That variable is not the
 application name, it's just a variable called name. Without
 this.name, your application doesn't have a name.
 
 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/
 
 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more 
information! 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321681


Re: autosuggest issue

2009-04-16 Thread Dominic Watson

What will happen here is that your cfc function will return the
recordset as you expect. However, the javascript that processes this
resultset for the dropdown performs its own filter - stripping out
results that don't begin with what is in the input and so the results
never show.

The widget that CF uses for the autosuggest is from YUI
(http://developer.yahoo.com/yui/autocomplete/) and is configurable so
that it can match the string in various different ways - but CF gives
no interface to those options.

If you have the time and inclination, I would invest it in getting an
auto-suggest working without the cfinput tag (ie. pure js w/ ajax).
However, I did write a handy customtag wrapper to cfinput autosuggest
that allows you to set those options:

http://betterautosuggest.riaforge.org/

Your usage may look something like:

<custom:betterautosuggest type="text" name="lookup"
  autosuggest="cfc:cfcName.getEMPID({cfautosuggestvalue})"
  queryMatchContains="true" />

HTH

Dominic

2009/4/16 Priya Koya priya23...@gmail.com:

 Hi,

 Sample code before I say anything about the issue..
 <cfform>
 Name:<cfinput type="text" name="lookup"
   autosuggest="cfc:cfcName.getEMPID({cfautosuggestvalue})"> <br />
 Department:
 <cfselect name="userID" id="userID" bind="cfc:cfcName.getName({lookup})"
 display="userID"
 value="userID"
 bindOnLoad="false" />
 </cfform>

 cfc code..

 <cfcomponent>
 <!---function to return dept based on user name--->
    <cffunction name="getName" access="remote" output="false" returntype="query">
        <cfargument name="route_num">

        <cfquery name="get_bnk_name" datasource="cfdocexamples">
            SELECT  emp_id as UserID
            FROM Employees
            where UCase(FirstName) =Ucase('#ARGUMENTS.route_num#')
        </cfquery>
       <cfreturn get_bnk_name>
    </cffunction>

    <!---function to return emp name  based on entered letter--->
    <cffunction name="getEMPID" access="remote" output="false" returntype="string">

      <cfargument name="route_num">

        <cfquery name="get_bnk_name" datasource="cfdocexamples">
            SELECT  FirstName,emp_id
            FROM Employees
            where UCase(FirstName) LIKE Ucase('%#ARGUMENTS.route_num#%')

        </cfquery>
  <cfreturn ValueList(getEMPID.FirstName)>

    </cffunction>


 I am using autosuggest to display the data in the text field. as started 
 keying the id and once the id selected..I get name back in the select 
 statement successfully.
 I am done with it But my concern is when I key in the id I should get the 
 dropdownlist in this format id-firstname.
 ex: if id is 1
    and the respective employer name is daniel then the autosuggest dropdown 
 should show 1-Daniel.

 I tried using something like this:

 <cffunction name="getEMPID" access="remote" output="false" returntype="string">
      <cfargument name="route_num">
        <cfquery name="get_bnk_name" datasource="cfdocexamples">
            SELECT  FirstName,emp_id
            FROM Employees
            where UCase(FirstName) LIKE Ucase('%#ARGUMENTS.route_num#%')
        </cfquery>
 <cfset arrayName = listtoarray(ValueList(getEMPID.FirstName))>
 <cfset arrayemp_id = ListtoArray(ValueList(getEMPID.emp_id))>
 <cfset bankname=arraynew(1)>
 <cfset empName[i] = listtoarray(arrayName[i] '-' arrayemp_id[i])>
 <cfreturn empName>

 </cffunction>

 I would really appreciate with any suggestion.

 Thanks,
 Priya

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321682


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Jason Fisher

Ah, yes, Francois, you are correct.  I forgot to mention that in addition 
to creating the @var parameters (which you can see in the CF debug output), 
the CFQUERYPARAM also ensures that you don't get '; BAD SQL INJECTION' 
stuff getting through into your SET @p1 = '#myUserVar#' expression.  Thanks 
for the catch!
 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321683
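
The difference discussed in the messages above, between pasting the user value into the SQL text (set @p1 = '#userSuppliedValue#') and binding it as cfqueryparam does, shown as an added example that is not code from the thread. It assumes Python's sqlite3 with an in-memory table as a stand-in for the ColdFusion datasource; the table, column and function names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the thread's tableName.
ROWS = [("alice", "alice"), ("bob", "private"),
        ("carol", "private"), ("o'brien", "private")]

# Constructed input of the "'; BAD SQL INJECTION" kind mentioned in the thread.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Return an in-memory database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, note TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", ROWS)
    return conn


def lookup_inline(conn, user_value):
    """Like set @p1 = '#userSuppliedValue#': the value is pasted into the
    SQL text, so quote characters inside it are parsed as SQL."""
    sql = ("SELECT owner FROM accounts WHERE owner = '" + user_value +
           "' ORDER BY owner")
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, user_value):
    """Like cfqueryparam: the SQL text is fixed and the value travels
    separately, so it can only ever be compared as data."""
    sql = "SELECT owner FROM accounts WHERE owner = ? ORDER BY owner"
    return [row[0] for row in conn.execute(sql, (user_value,))]


def lookup_bound_reused(conn, user_value):
    """One bound value referenced twice, the role @p1 plays in the
    declare/set form that wraps cfqueryparam."""
    sql = ("SELECT owner FROM accounts "
           "WHERE owner = :p1 AND note <> :p1 ORDER BY owner")
    return [row[0] for row in conn.execute(sql, {"p1": user_value})]


def inline_fails_on_apostrophe(conn):
    """A legitimate name containing a quote breaks the inline form outright."""
    try:
        lookup_inline(conn, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("inline", lookup_inline), ("bound", lookup_bound)):
        print(label, "bob     ->", fn(db, "bob"))
        print(label, "crafted ->", fn(db, CRAFTED))
    print("bound o'brien  ->", lookup_bound(db, "o'brien"))
    print("inline o'brien raises:", inline_fails_on_apostrophe(db))
    print("reused bob     ->", lookup_bound_reused(db, "bob"))
```

With the inline form the crafted value changes which rows come back; with the bound form it matches nothing, and a name containing an apostrophe works instead of raising a syntax error.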


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

:::It builds a prepared statement. It doesn't scan or filter anything.

You could build a prepared statement yourself.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/


Are you sure? When I pass a string into a cfqueryparam of type cf_sql_integer
I get the error: Invalid data etc for CFSQLTYPE CF_SQL_INTEGER.
Which leads me to believe it is being scanned/validated before being sent to
MySQL, and also makes me wonder whether cfqueryparam even uses prepared
statements. It seems and not just inline SQL variables.
( The exception is a coldfusion.sql.Parameter$DataTypeMismatchException )



On Thu, Apr 16, 2009 at 10:36 AM, Dave Watts dwa...@figleaf.com wrote:



 It builds a prepared statement. It doesn't scan or filter anything.

 You could build a prepared statement yourself.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321684


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

Just a little thing to add here is that I believe you should
parameterize all values in your query, whether user generated or
constant values or whatever. This is not for security but performance.
So:

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = 1

Should be:

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="1" />

The reason (and someone please correct me if I am wrong) is that
prepared statements can perform better because the db engine caches
their execution plan much in the same way as for stored procedures. By
parameterizing and supplying the type of each value, you help this
process. Indeed I suspect that I have read somewhere that it will not
cache at all if it finds values that are not parameterized.

This is my rough understanding of it; please somebody who knows more
clarify or correct the point (I do know that db performance always
goes by the rule: it depends though).

Dominic

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321685


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

Yes he is sure. And he is correct. With a prepared statement, an array
of values is sent to the db along with a query string that looks like
SELECT * FROM fu WHERE bar = ?. In preparing the statement, each
value has to be added to the array using a type specific method (in
java). Therefore CF is pretty much forced to validate them at this
point.

Dominic

2009/4/16 David McGuigan davidmcgui...@gmail.com:

 :::It builds a prepared statement. It doesn't scan or filter anything.

 You could build a prepared statement yourself.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/


 Are you sure? When I pass a string into a cfqueryparam of type cf_sql_integer
 I get the error: Invalid data etc for CFSQLTYPE CF_SQL_INTEGER.
 Which leads me to believe it is being scanned/validated before being sent to
 MySQL, and also makes me wonder whether cfqueryparam even uses prepared
 statements. It seems and not just inline SQL variables.
 ( The exception is a coldfusion.sql.Parameter$DataTypeMismatchException )


Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321686


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Jason Fisher

Dominic, you are right that there are exceptions from a performance 
perspective ... can't remember who blogged about that in detail?  See Simon 
Horwith's for one example: 
http://www.horwith.com/index.cfm/2009/4/5/some-cf-best-practices-that-break



But you are right about the Query Plan getting cached.  Not every value has 
to be a parameter, however, the query just has to be exactly the same.  So, 
if it only ever looks like this:

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = 1

Then that will cache just fine, regardless of the value of #id#.  If, 
however, you also have a query for archived:

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = 0

Then those 2 will have separate Query Plans on the DB server.  By contrast, 
if the 'live' value is param'd, then you can re-use the Query Plan for both 
queries:

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="1" />

would use the same QP as 

SELECT fu
FROM bar
WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="0" />

 


Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321687


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

Roger that re execution plans Jason, that makes perfect sense.

Dominic

2009/4/16 Jason Fisher ja...@wanax.com:
 SELECT fu
 FROM bar
 WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
 AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="1" />


Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321688


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Well from what I read today it seems like the performance is improved for
reused prepared statements, which may not be how cfqueryparam is
implemented.
Prepared statements are stored and reused by name, passing in the values for
the parameters.

So if cfqueryparam is using prepared statements (which my guess would be
that it's not), cfqueryparamming all of your variable values would improve
performance because the statement itself isn't being re-sent to the RDMS on
each subsequent query, only the values. But if it's not, it could actually
slightly DIMINISH performance ( because the SQL generated is more verbose
because of the variable declarations and binding syntax ).

Any experts out there that can enlighten us?


On Thu, Apr 16, 2009 at 12:33 PM, Dominic Watson 
watson.domi...@googlemail.com wrote:


 Just a little thing to add here is that I believe you should
 parameterize all values in your query, whether user generated or
 constant values or whatever. This is not for security but performance.
 So:

 SELECT fu
 FROM bar
 WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
 AND live = 1

 Should be:

 SELECT fu
 FROM bar
 WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
 AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="1" />

 The reason (and someone please correct me if I am wrong) is that
 prepared statements can perform better because the db engine caches
 their execution plan much in the same way as for stored procedures. By
 parameterizing and supplying the type of each value, you help this
 process. Indeed I suspect that I have read somewhere that it will not
 cache at all if it finds values that are not parameterized.

 This is my rough understanding of it; please somebody who knows more
 clarify or correct the point (I do know that db performance always
 goes by the rule: it depends though).

 Dominic

 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321689


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

Everything but your guess is correct ;)

Dominic

2009/4/16 David McGuigan davidmcgui...@gmail.com:

 Well from what I read today it seems like the performance is improved for
 reused prepared statements, which may not be how cfqueryparam is
 implemented.
 Prepared statements are stored and reused by name, passing in the values for
 the parameters.

 So if cfqueryparam is using prepared statements (which my guess would be
 that it's not), cfqueryparamming all of your variable values would improve
 performance because the statement itself isn't being re-sent to the RDMS on
 each subsequent query, only the values. But if it's not, it could actually
 slightly DIMINISH performance ( because the SQL generated is more verbose
 because of the variable declarations and binding syntax ).

 Any experts out there that can enlighten us?


 On Thu, Apr 16, 2009 at 12:33 PM, Dominic Watson 
 watson.domi...@googlemail.com wrote:


 Just a little thing to add here is that I believe you should
 parameterize all values in your query, whether user generated or
 constant values or whatever. This is not for security but performance.
 So:

 SELECT fu
 FROM bar
 WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
 AND live = 1

 Should be:

 SELECT fu
 FROM bar
 WHERE barId = <cfqueryparam cfsqltype="cf_sql_integer" value="#id#" />
 AND live = <cfqueryparam cfsqltype="cf_sql_bit" value="1" />

 The reason (and someone please correct me if I am wrong) is that
 prepared statements can perform better because the db engine caches
 their execution plan much in the same way as for stored procedures. By
 parameterizing and supplying the type of each value, you help this
 process. Indeed I suspect that I have read somewhere that it will not
 cache at all if it finds values that are not parameterized.

 This is my rough understanding of it; please somebody who knows more
 clarify or correct the point (I do know that db performance always
 goes by the rule: it depends though).

 Dominic



 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321690


Re: cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Joel Black

Both very good solutions, but neither is working.  I tried doing a replace() 
while processing, but there is nothing there to replace.  I tried \r\n, \r.  
Didn't get an error, but got the same outcome.  I also tried suppressing white 
space, with processing directive, same outcome.  The generated XML is clean, 
can't figure out why I would have to open it and save it with a mac though, it 
doesn't make sense.

the XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data[
<!ELEMENT title (comments, image)>
<!ATTLIST title name CDATA #REQUIRED>
<!ELEMENT comments (#PCDATA)>
<!ELEMENT image (#PCDATA)>

]>
<data>
<title name="Patient 108">
<comments>2008 48 Hour Film Project Entry
Production Company Unit One Productions
Director Lauren Giovanonni
*Winner of BEST CINEMATOGRAPHY
</comments>
<image>Assets/thumbs/108sm.jpg</image>
<flv>../../Assets/flv/108.flv</flv>
</title>
</data>

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321691


Re: cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Joel Black

Thanks for the suggestion.  I tried it, but got the same outcome. 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321692


Re: cffile action=write file as XML. Put spacing in lines, but resave file on mac spaces disappear

2009-04-16 Thread Joel Black

Great idea, but could not get a replace() to work.  There is nothing there to 
replace? 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321693


Regex 2 Get Image URL...

2009-04-16 Thread Che Vilnonis

Any takers? I'm looking to get a RegEx to find the image URL from some HTML.
Basically, find the image url from any variation of the img tag,
regardless of what attributes are included besides the src= attribute.

Variations of the code I'm dealing with might be:
<img src="http://www.mydomain.com/images/test123.jpg" border="0">
<img border="0" src="http://www.mydomain.com/images/test123.jpg">
<img width="100" height="100"
src="http://www.mydomain.com/images/test123.jpg">
<img width="100" height="100"
src="http://www.mydomain.com/images/test123.jpg" border="1">
<img alt="" border="0" src="http://www.mydomain.com/images/test123.jpg">


Thanks, Che



Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321694


RE: Question about hack

2009-04-16 Thread Mark Kruger

For those interested I have compiled all I know about this attack into a
blog post:

http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack

Again, we have not specifically identified the attack but we have lots of
information and a stop gap measure :)

-Mark


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-Original Message-
From: Mark Kruger [mailto:mkru...@cfwebtools.com] 
Sent: Tuesday, April 14, 2009 5:37 PM
To: cf-talk
Subject: RE: Question about hack


Thanks... I'll add that to my list. 

I have a pretty hefty blog post coming out on this tomorrow (or hopefully
tomorrow :).

-mark
 



Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321695


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dave Watts

> Are you sure? When I pass a string into a cfqueryparam of type cf_sql_integer
> I get the error: Invalid data etc for CFSQLTYPE CF_SQL_INTEGER.
> Which leads me to believe it is being scanned/validated before being sent to
> MySQL, and also makes me wonder whether cfqueryparam even uses prepared
> statements. It seems and not just inline SQL variables.
> ( The exception is a coldfusion.sql.Parameter$DataTypeMismatchException )

It's not sent to MySQL directly, it's sent to your JDBC driver, which
has to validate it and pass it on. JDBC throws an exception, which is
caught and rethrown in CF.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321696


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dave Watts

> So if cfqueryparam is using prepared statements (which my guess would be
> that it's not), cfqueryparamming all of your variable values would improve
> performance because the statement itself isn't being re-sent to the RDMS on
> each subsequent query, only the values. But if it's not, it could actually
> slightly DIMINISH performance ( because the SQL generated is more verbose
> because of the variable declarations and binding syntax ).

Your guess is incorrect. CFQUERYPARAM builds a JDBC prepared
statement. Using CFQUERYPARAM may improve or degrade performance,
depending on additional factors. The SQL being more verbose is not one
of those factors.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321697
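
The behaviour described in the replies above (a typed bind step that rejects bad data before the database sees it, and a statement text that stays identical when every value is bound), as an added illustration that is not from the thread and is not ColdFusion's or any JDBC driver's code. It uses Python's sqlite3 as a stand-in database; the table rows, the converter subset and the hostile input are constructed, and counting distinct statement texts stands in for the plan cache rather than measuring any engine.

```python
import re
import sqlite3


class DataTypeMismatch(ValueError):
    """A value does not fit the type declared for its parameter."""


def _to_int(value):
    text = str(value).strip()
    if not re.fullmatch(r"[+-]?[0-9]+", text):
        raise DataTypeMismatch(f"invalid data {value!r} for cf_sql_integer")
    return int(text)


def _to_bit(value):
    text = str(value).strip().lower()
    if text not in ("0", "1", "true", "false"):
        raise DataTypeMismatch(f"invalid data {value!r} for cf_sql_bit")
    return 1 if text in ("1", "true") else 0


# Assumed subset of type names. Each converter plays the role of a
# type-specific setter (setInt, setBoolean, setString) on a prepared statement.
CONVERTERS = {"cf_sql_integer": _to_int, "cf_sql_bit": _to_bit, "cf_sql_varchar": str}


class Recorder:
    """Wraps a connection and records the text of every statement it sends."""

    def __init__(self, con):
        self.con = con
        self.sent = []

    def prepared(self, sql, typed_params):
        # Convert first: a mismatch raises here, before the database is contacted.
        values = [CONVERTERS[sqltype](value) for sqltype, value in typed_params]
        self.sent.append(sql)
        return self.con.execute(sql, values).fetchall()

    def inline(self, sql):
        self.sent.append(sql)
        return self.con.execute(sql).fetchall()


def make_db():
    """Constructed sample table matching the thread's 'bar' example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE bar (barId INTEGER, fu TEXT, live INTEGER)")
    con.executemany("INSERT INTO bar VALUES (?, ?, ?)",
                    [(1, "alpha", 1), (2, "beta", 1), (3, "gamma", 0)])
    return Recorder(con)


PREPARED = "SELECT fu FROM bar WHERE barId = ? AND live = ? ORDER BY barId"


def compare_binding(bar_id):
    """Run the same lookup inline and bound; return both outcomes."""
    db = make_db()
    # Inline: the value becomes part of the SQL grammar.
    inline_rows = db.inline(
        f"SELECT fu FROM bar WHERE barId = {bar_id} AND live = 1 ORDER BY barId")
    # Bound: the value is converted to the declared type, then sent as data.
    try:
        bound = db.prepared(PREPARED, [("cf_sql_integer", bar_id), ("cf_sql_bit", 1)])
    except DataTypeMismatch as exc:
        bound = str(exc)
    return inline_rows, bound


def statement_texts(param_live):
    """Distinct statement texts sent for three lookups, 'live' bound or literal."""
    db = make_db()
    for bar_id, live in [(1, 1), (2, 1), (3, 0)]:
        if param_live:
            db.prepared("SELECT fu FROM bar WHERE barId = ? AND live = ?",
                        [("cf_sql_integer", bar_id), ("cf_sql_bit", live)])
        else:
            db.prepared(f"SELECT fu FROM bar WHERE barId = ? AND live = {live}",
                        [("cf_sql_integer", bar_id)])
    return set(db.sent)


if __name__ == "__main__":
    print(compare_binding("2"))         # well-formed id
    print(compare_binding("1 OR 1=1"))  # constructed hostile input
    print(len(statement_texts(False)), len(statement_texts(True)))
```
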


Re: Regex 2 Get Image URL...

2009-04-16 Thread Barney Boisvert

Here you go:

http://barneyb.com/r/image_src.cfm

I'm even wearing my "i know regular expressions" shirt today.  ;)

cheers,
barneyb

On Thu, Apr 16, 2009 at 12:29 PM, Che Vilnonis ch...@asitv.com wrote:

 Any takers? I'm looking to get a RegEx to find the image URL from some HTML.
 Basically, find the image url from any variation of the img tag,
 regardless of what attributes are included besides the src= attribute.

 Variations of the code I'm dealing with might be:
 <img src="http://www.mydomain.com/images/test123.jpg" border="0">
 <img border="0" src="http://www.mydomain.com/images/test123.jpg">
 <img width="100" height="100"
 src="http://www.mydomain.com/images/test123.jpg">
 <img width="100" height="100"
 src="http://www.mydomain.com/images/test123.jpg" border="1">
 <img alt="" border="0" src="http://www.mydomain.com/images/test123.jpg">


 Thanks, Che



 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321698


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Jason Fisher

I can't speak for MySQL, but in MSSQL, every query (not just prepared 
statements) is processed into a Query Plan before processing.  The server then 
caches as many of these QPs as possible, so that repeated calls to the same 
'query definition' do not have the overhead of having to re-generate the QP; 
they just execute in the pre-defined 'most efficient way'.  The difference in 
performance is, therefore, likely to be greater the more complex the query is.

Whether the same holds true for MySQL, I have no idea. 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321699


RE: Regex 2 Get Image URL...

2009-04-16 Thread Che Vilnonis

THANK YOU
~Che 

-Original Message-
From: Barney Boisvert [mailto:bboisv...@gmail.com] 
Sent: Thursday, April 16, 2009 3:40 PM
To: cf-talk
Subject: Re: Regex 2 Get Image URL...


Here you go:

http://barneyb.com/r/image_src.cfm

I'm even wearing my i know regular expressions shirt today.  ;)

cheers,
barneyb

On Thu, Apr 16, 2009 at 12:29 PM, Che Vilnonis ch...@asitv.com wrote:

 Any takers? I'm looking to get a RegEx to find the image URL from some
HTML.
 Basically, find the image url from any variation of the img tag, 
 regardless of what attributes are included besides the src= attribute.

 Variations of the code I'm dealing with might be:
 <img src="http://www.mydomain.com/images/test123.jpg" border="0">
 <img border="0" src="http://www.mydomain.com/images/test123.jpg">
 <img width="100" height="100"
 src="http://www.mydomain.com/images/test123.jpg">
 <img width="100" height="100"
 src="http://www.mydomain.com/images/test123.jpg" border="1">
 <img alt="" border="0" src="http://www.mydomain.com/images/test123.jpg">


 Thanks, Che



 



Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321700


Calendar Functionality

2009-04-16 Thread Steve LaBadie

I have a calendar that works properly for what it was designed for. What
I would like to do is have each date linked to the appropriate date on
our master events calendar. 

 

This is the portion of the code that displays the current date and is
linked to the week's events on the master calendar. Not sure how much of
the code you need to see.

 

<!--- Highlight the current day of year using an IF-ELSE --->

<cfif (#ThisDay# EQ #currentday#) AND (#month# EQ #startmonth#) AND
(#year# EQ #startyear#)>

<td align="center" bgcolor="##e1e1e1">

<cfset dayview = #dateformat(createdate(#year#, #month#, #thisday#),
"mm/dd/")#>

<font class="calendartoday"><a
href="http://esuevents.admin.esu.edu/wv3/wv3_servlet/urd/run/wv_main.Start"><strong>#ThisDay#</strong></a></font></td>

<cfelse>

<td align="center">

<cfset dayview = #dateformat(createdate(#year#, #month#, #thisday#),
"mm/dd/")#>

<font class="calendar">#ThisDay#</font></td>

 

Steve LaBadie, Web Manager

East Stroudsburg University

200 Prospect St.

East Stroudsburg, Pa 18301

570-422-3999

http://www.esu.edu

slaba...@po-box.esu.edu

 



Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321701


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Ah, thanks guys! What I didn't realize is that you can use unnamed /
unstored prepared statements through the driver. That makes so much more
sense now. So ColdFusion uses dynamically prepared statements which are
implemented in the JDBC driver, which is a totally different ballgame from
using the pure SQL interface, which requires you to register them by name
and then reuse or overwrite them per call.
So if I can hunt down the driver syntax for calling that stuff directly can
I just use the Java commands from within my dynamic SQL in a cfquery tag?

It looks like CF probably uses java.sql.PreparedStatement with syntax like
this:

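// con is an open java.sql.Connection
PreparedStatement pstmt = con.prepareStatement(
    "UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");

// Each placeholder is filled through a type-specific setter
pstmt.setBigDecimal(1, new java.math.BigDecimal("153833.00"));
pstmt.setInt(2, 110592);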

Does anyone know how I'd just pop that Java into a CFQuery tag? Or can I
probably not because cfquery itself is what handles all of that and will
already be either a Statement or PreparedStatement object depending on
whether it detected any cfqueryparams?

If so, does that mean my only option is writing a custom tag to simulate
cfquery and having it handle all of that stuff the same way cfquery does? (
Retrieve the datasource info from the adminapi, create and manage the
connection, call all of these execution methods and then translate their
results to a CFML query object, etc.

What a hassle. This is worse than the fact that you can't use cfform
controls outside of a cfform tag in CFC cffunctions.

Thanks again.


On Thu, Apr 16, 2009 at 1:33 PM, Dave Watts dwa...@figleaf.com wrote:


  So if cfqueryparam is using prepared statements (which my guess would be
  that it's not), cfqueryparamming all of your variable values would
 improve
  performance because the statement itself isn't being re-sent to the RDMS
 on
  each subsequent query, only the values. But if it's not, it could
 actually
  slightly DIMINISH performance ( because the SQL generated is more verbose
  because of the variable declarations and binding syntax ).

 Your guess is incorrect. CFQUERYPARAM builds a JDBC prepared
 statement. Using CFQUERYPARAM may improve or degrade performance,
 depending on additional factors. The SQL being more verbose is not one
 of those factors.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321702


Re: Question about hack

2009-04-16 Thread ALL

Hey Thanks Mark, I learnt a bit more about it from reading your article and
found more info on it last night when (as you stated) 9:00 rolled around...
I have been running a process monitor program that tracks file changes to
see what process/program is actually changing the files, and it was coming
from cscript.exe which is the executer to execute *.vbs scripts and other
visual languages. The executing script was c:/gm.vbs but the script did
not exist when I went looking for it

So, my thoughts on it are this is just the part doing the dirty work, and
there is an actual executable or service somewhere that is making the file
and executing it.

Here is the info my process monitor spit out about the cscript.exe file that
was doing the dirty work:

Path: C:\WINDOWS\system32\cscript.exe
Command Line: cscript c:\gm.vbs d:\inetpub
User: NT AUTHORITY\SYSTEM
Started: 4/15/2009 8:57:58 PM
Ended: 4/15/2009 9:01:11 PM
Architecture: 32-bit

I hope this may help anyone else working on this issue, I believe I am
extremely close to solving it and just need it to run once more, because
this time I have the process monitor tracking almost everything.

-Nathan Bruer


On Thu, Apr 16, 2009 at 1:31 PM, Mark Kruger mkru...@cfwebtools.com wrote:


 For those interested I have compiled all I know about this attack into a
 blog post:

 http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack

 Again, we have not specifically identified the attack but we have lots of
 information and a stop gap measure :)

 -Mark


 Mark A. Kruger, CFG, MCSE
 (402) 408-3733 ext 105
 www.cfwebtools.com
 www.coldfusionmuse.com
 www.necfug.com

 -Original Message-
 From: Mark Kruger [mailto:mkru...@cfwebtools.com]
 Sent: Tuesday, April 14, 2009 5:37 PM
 To: cf-talk
 Subject: RE: Question about hack


 Thanks... I'll add that to my list.

 I have a pretty hefty blog post coming out on this tomorrow (or hopefully
 tomorrow :).

 -mark




 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321703
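
Detection logic for the process-monitor record quoted above, as an added example that is not from the thread: it parses records in that `Key: value` layout and flags a Windows script host that runs as SYSTEM, loads a script from a drive root, or is handed a web root as an argument. The first sample record is the one from the post and the second is constructed; the web-root marker list and the two-reason threshold are assumptions.

```python
import ntpath
import re
from datetime import datetime

SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
WEB_ROOT_MARKERS = ("inetpub", "wwwroot")  # assumed markers for a web root path
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"

# First record: as posted in the thread. Second record: constructed benign job.
SAMPLE = r"""
Path: C:\WINDOWS\system32\cscript.exe
Command Line: cscript c:\gm.vbs d:\inetpub
User: NT AUTHORITY\SYSTEM
Started: 4/15/2009 8:57:58 PM
Ended: 4/15/2009 9:01:11 PM
Architecture: 32-bit

Path: C:\WINDOWS\system32\cscript.exe
Command Line: cscript "C:\Program Files\Backup\rotate.vbs" E:\backups
User: CORP\svc_backup
Started: 4/15/2009 2:00:00 AM
Ended: 4/15/2009 2:00:04 AM
Architecture: 32-bit
"""


def parse_records(text):
    """Split blank-line separated blocks into dicts keyed by lower-cased field name."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            # Split on the first colon only: values contain drive letters and times.
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip().lower()] = value.strip()
        if rec:
            records.append(rec)
    return records


def evaluate(rec):
    """Return the list of reasons a record looks suspicious (empty if none)."""
    reasons = []
    if ntpath.basename(rec.get("path", "")).lower() not in SCRIPT_HOSTS:
        return reasons
    tokens = re.findall(r'"[^"]*"|\S+', rec.get("command line", ""))
    args = [t.strip('"') for t in tokens][1:]  # drop the program name
    scripts = [a for a in args if ntpath.splitext(a)[1].lower() in SCRIPT_EXTS]
    if rec.get("user", "").upper() == "NT AUTHORITY\\SYSTEM":
        reasons.append("script host running as SYSTEM")
    for script in scripts:
        if ntpath.dirname(ntpath.splitdrive(script)[1]) in ("\\", "/"):
            reasons.append(f"script loaded from drive root: {script}")
    for arg in args:
        if arg not in scripts and any(m in arg.lower() for m in WEB_ROOT_MARKERS):
            reasons.append(f"web root passed as argument: {arg}")
    return reasons


def runtime_seconds(rec):
    start = datetime.strptime(rec["started"], TIME_FMT)
    end = datetime.strptime(rec["ended"], TIME_FMT)
    return int((end - start).total_seconds())


def triage(text, threshold=2):
    """Return one alert per record that accumulates at least `threshold` reasons."""
    alerts = []
    for rec in parse_records(text):
        reasons = evaluate(rec)
        if len(reasons) >= threshold:
            alerts.append({"command": rec["command line"],
                           "reasons": reasons,
                           "seconds": runtime_seconds(rec)})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert["command"], alert["seconds"], alert["reasons"])
```
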


Re: Calendar Functionality

2009-04-16 Thread Jason Fisher

Not sure what you're looking for Steve ... just the syntax for adding your 
'dayview' value to the URL string?  Also, as a side note, you can get rid of 
most of those # signs ...  The following will add your computed date to the URL 
string in a 'safe' format, passing it as a variable called 'date':

<cfif (ThisDay EQ currentday) AND (month EQ startmonth) AND
(year EQ startyear)>

<td align="center" bgcolor="##e1e1e1">

<cfset dayview = dateformat(createdate(year, month, thisday), "mm/dd/")>

<font class="calendartoday"><a 
href="http://esuevents.admin.esu.edu/wv3/wv3_servlet/urd/run/wv_main.Start?date=#urlEncodedFormat(dayview)#"><strong>#ThisDay#</strong></a></font>

</td>

<cfelse>

<td align="center">

<cfset dayview = dateformat(createdate(year, month, thisday), "mm/dd/")>

<font class="calendar">#ThisDay#</font>
</td> 

Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321704


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

Nevermind, you can totally hack cfquery! Woot. Thanks for all the help.

On Thu, Apr 16, 2009 at 1:59 PM, David McGuigan davidmcgui...@gmail.com wrote:

 Ah, thanks guys! What I didn't realize is that you can use unnamed /
 unstored prepared statements through the driver. That makes so much more
 sense now. So ColdFusion uses dynamically prepared statements which are
 implemented in the JDBC driver, which is a totally different ballgame from
 using the pure SQL interface, which requires you to register them by name
 and then reuse or overwrite them per call.
 So if I can hunt down the driver syntax for calling that stuff directly can
 I just use the Java commands from within my dynamic SQL in a cfquery tag?

 It looks like CF probably uses java.sql.PreparedStatement with syntax like
 this:

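 // con is an open java.sql.Connection
 PreparedStatement pstmt = con.prepareStatement(
     "UPDATE EMPLOYEES SET SALARY = ? WHERE ID = ?");

 // Each placeholder is filled through a type-specific setter
 pstmt.setBigDecimal(1, new java.math.BigDecimal("153833.00"));
 pstmt.setInt(2, 110592);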

 Does anyone know how I'd just pop that Java into a CFQuery tag? Or can I
 probably not because cfquery itself is what handles all of that and will
 already be either a Statement or PreparedStatement object depending on
 whether it detected any cfqueryparams?

 If so, does that mean my only option is writing a custom tag to simulate
 cfquery and having it handle all of that stuff the same way cfquery does? (
 Retrieve the datasource info from the adminapi, create and manage the
 connection, call all of these execution methods and then translate their
 results to a CFML query object, etc.

 What a hassle. This is worse than the fact that you can't use cfform
 controls outside of a cfform tag in CFC cffunctions.

 Thanks again.


 On Thu, Apr 16, 2009 at 1:33 PM, Dave Watts dwa...@figleaf.com wrote:


  So if cfqueryparam is using prepared statements (which my guess would be
  that it's not), cfqueryparamming all of your variable values would
 improve
  performance because the statement itself isn't being re-sent to the RDMS
 on
  each subsequent query, only the values. But if it's not, it could
 actually
  slightly DIMINISH performance ( because the SQL generated is more
 verbose
  because of the variable declarations and binding syntax ).

 Your guess is incorrect. CFQUERYPARAM builds a JDBC prepared
 statement. Using CFQUERYPARAM may improve or degrade performance,
 depending on additional factors. The SQL being more verbose is not one
 of those factors.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 Fig Leaf Software provides the highest caliber vendor-authorized
 instruction at our training centers in Washington DC, Atlanta,
 Chicago, Baltimore, Northern Virginia, or on-site at your location.
 Visit http://training.figleaf.com/ for more information!

 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321705


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

 If so, does that mean my only option is writing a custom tag to simulate
 cfquery and having it handle all of that stuff the same way cfquery does?
 (Retrieve the datasource info from the adminapi, create and manage the
 connection, call all of these execution methods and then translate their
 results to a CFML query object, etc.)

It is so, but I think the option of creating the custom tag is both
mildly barmy and not the only option. A possible easier coding
solution may be to create a component that builds and executes a
cfquery by taking a java style prepared statement. A rough idea:

<cfcomponent>
  <cfset variables.dsn = "" />
  <cffunction name="init">
    <!--- ... init component and set datasource name --->
  </cffunction>
  <cffunction name="executePreparedStatement" returntype="query">
    <cfargument name="statement" type="string" hint="eg. select * from foo where bar = ?" />
    <cfargument name="params" type="array" hint="Array of structs with two keys, 'type' and 'value'" />

    <cfset var theQuery = "" />
    <cfquery name="theQuery" datasource="#variables.dsn#">
      <!--- ... code to parse the statement and insert cfqueryparams in
            place of the '?'s --->
    </cfquery>

    <cfreturn theQuery />
  </cffunction>
</cfcomponent>


 What a hassle. This is worse than the fact that you can't use cfform
 controls outside of a cfform tag in CFC cffunctions.

I don't believe it makes sense for CF to be able to do what you are
asking. Given a bare <cfqueryparam ... />, how is it to know what to do
with it?

Dominic


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321706
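
The component sketched in the message above, filled in as an added example (not code from the original post or from Adobe). It assumes SELECT statements, a statement string written by the developer (never taken from user input), and the hypothetical error type `PreparedStatement.ParamCount`.

```cfml
<cfcomponent output="false">

  <cffunction name="init" access="public" returntype="any" output="false">
    <cfargument name="dsn" type="string" required="true" />
    <cfset variables.dsn = arguments.dsn />
    <cfreturn this />
  </cffunction>

  <cffunction name="executePreparedStatement" access="public" returntype="query" output="false">
    <cfargument name="statement" type="string" required="true"
                hint="Developer-written SQL with ? placeholders; never user input" />
    <cfargument name="params" type="array" required="true"
                hint="Array of structs with two keys, 'type' and 'value'" />

    <cfset var theQuery = "" />
    <cfset var parts = "" />
    <cfset var part = "" />
    <cfset var placeholderCount = 0 />
    <cfset var i = 0 />

    <!--- Java String.split with limit -1 keeps a trailing empty piece,
          so N placeholders always yield N+1 pieces. Limitation: a literal
          '?' inside a quoted SQL string is also counted as a placeholder. --->
    <cfset parts = arguments.statement.split("\?", javaCast("int", -1)) />
    <cfset placeholderCount = arrayLen(parts) - 1 />

    <!--- Refuse to run when placeholders and params do not line up. --->
    <cfif placeholderCount neq arrayLen(arguments.params)>
      <cfthrow type="PreparedStatement.ParamCount"
               message="Statement has #placeholderCount# placeholders but #arrayLen(arguments.params)# params were supplied." />
    </cfif>

    <cfquery name="theQuery" datasource="#variables.dsn#">
      <cfloop from="1" to="#arrayLen(parts)#" index="i">
        <cfset part = parts[i] />
        <!--- Static SQL text: emitted as written, quotes preserved. --->
        #preserveSingleQuotes(part)#
        <cfif i lte arrayLen(arguments.params)>
          <!--- Caller data: always bound, never concatenated into the SQL. --->
          <cfqueryparam cfsqltype="#arguments.params[i].type#"
                        value="#arguments.params[i].value#" />
        </cfif>
      </cfloop>
    </cfquery>

    <cfreturn theQuery />
  </cffunction>

</cfcomponent>
```

Because `preserveSingleQuotes` switches off ColdFusion's quote escaping for the static pieces, only the `params` array may carry request data.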


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Dominic Watson

Sounds interesting :). Give all the googlers a bone and drop us a link
or an explanation...

2009/4/16 David McGuigan davidmcgui...@gmail.com:

 Nevermind, you can totally hack cfquery! Woot. Thanks for all the help.



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321707


RE: Question about hack

2009-04-16 Thread Mark Kruger

Awesome Nate... I'm going to add this as an addendum to my post...

 


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-Original Message-
From: ALL [mailto:thegreat...@gmail.com] 
Sent: Thursday, April 16, 2009 3:06 PM
To: cf-talk
Subject: Re: Question about hack


Hey Thanks Mark, I learnt a bit more about it from reading your article and
found more info on it last night when (as you stated) 9:00 rolled around...
I have been running a process monitor program that tracks file changes to
see what process/program is actually changing the files, and it was coming
from cscript.exe which is the executer to execute *.vbs scripts and other
visual languages. The executing script was c:/gm.vbs but the script did
not exist when I went looking for it.

So, my thoughts on it are this is just the part doing the dirty work, and
there is an actual executable or service somewhere that is making the file
and executing it.

Here is the info my process monitor spit out about the cscript.exe file that
was doing the dirty work:

Path: C:\WINDOWS\system32\cscript.exe
Command Line: cscript c:\gm.vbs d:\inetpub
User: NT AUTHORITY\SYSTEM
Started: 4/15/2009 8:57:58 PM
Ended: 4/15/2009 9:01:11 PM
Architecture: 32-bit

I hope this may help anyone else working on this issue, I believe I am
extremely close to solving it and just need it to run once more, because
this time I have the process monitor tracking almost everything.

-Nathan Bruer


On Thu, Apr 16, 2009 at 1:31 PM, Mark Kruger mkru...@cfwebtools.com wrote:


 For those interested I have compiled all I know about this attack into 
 a blog post:

 http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack

 Again, we have not specifically identified the attack but we have lots 
 of information and a stop gap measure :)

 -Mark


 Mark A. Kruger, CFG, MCSE
 (402) 408-3733 ext 105
 www.cfwebtools.com
 www.coldfusionmuse.com
 www.necfug.com

 -Original Message-
 From: Mark Kruger [mailto:mkru...@cfwebtools.com]
 Sent: Tuesday, April 14, 2009 5:37 PM
 To: cf-talk
 Subject: RE: Question about hack


 Thanks... I'll add that to my list.

 I have a pretty hefty blog post coming out on this tomorrow (or 
 hopefully tomorrow :).

 -mark




 




Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321708


Populated PDF form won't open

2009-04-16 Thread Tom McNeer

For some time, I have created PDF documents using the cfdocument tag,
building the content with information pulled from a database, then saved as
a PDF via cfdocument. No problems.

However, a client and I decided we wanted to have a little more control over
the format of the document, so we created a PDF form in Acrobat Pro. I'm
using cfpdfform and cfpdfformparams to dynamically populate the form fields
from the database. The resulting filled-in form is then saved with a
different file name to a different directory.

The problem is, there seems to be some compatibility issue with the
filled-in versions. When they are opened in Acrobat Reader 7 or 8, the
result is an error message: "There was a problem reading this document
(131)."

Since the document opens fine in Reader 9 or Preview, it seems like a
version compatibility problem.

Yet, when I tried to work around the problem by re-opening the final file
and re-writing it (<cfpdf action="write" overwrite="true" flatten="true">),
the error persists -- even when I add a version attribute of "1.4" (which is
a very old Acrobat version) to the cfpdf tag.

Has anyone ever seen anything like this?

-- 
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321709


Re: Verity and the parenthesis characters?

2009-04-16 Thread Raymond Camden

I think you escape in Verity with \.

It is in the docs though. I'm certain of that.

On Thu, Apr 16, 2009 at 10:26 AM, Joe None drue...@comcast.net wrote:

 How do you send in a parenthesis () value to Verity without it throwing up? 
 I've tried URLEncodedFormat() and URLDecode(), neither seems to work well. An 
 example of a search value would be plan(b).

 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321711


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread Matt Robertson

Anyone remember this article?

http://coldfusion.sys-con.com/node/45569

Lets you drop down into Java and pull out the field types that your db
reports back to the JDBC driver.

It's neat on the surface, but too expensive on resources to use on the
fly.  Plus you have to put the for-real username and password directly
into the template... Using vars doesn't work.  Still, I like to use it
during development if I have a monster query that I need to write up.
Saves me the need to look back and forth from screen to screen to
determine what the next cfsqltype is in my query list.

Or stick it in front of a custom tag that writes the sql and
cfqueryparams for you

<!---
<cfmodule
    template="create_record.cfm"
    dbUserName="#attributes.DBUserName#"
    dbPassword="#attributes.DBPassword#"
    DSN="#attributes.DSN#"
    tableName="woof"
    fieldList="arf,bark,ruff,meow"
    SQLTypeList="CF_SQL_VARCHAR,CF_SQL_VARCHAR,CF_SQL_VARCHAR,CF_SQL_VARCHAR"
    valueList="how,now,brown,cow">
--->
<cfquery
    username="#attributes.DBUserName#"
    password="#attributes.DBPassword#"
    datasource="#attributes.DSN#">
    INSERT INTO #attributes.tableName#
    (
    #attributes.fieldList#
    )
    VALUES
    (
    <cfloop
        list="#attributes.fieldList#"
        index="FieldValue">
        <cfset variables.LoopCounter=ListFindNoCase(attributes.fieldList,FieldValue)>
        <cfqueryparam
            cfsqltype="#ListGetAt(attributes.SQLTypeList,variables.LoopCounter)#"
            value="#ListGetAt(attributes.valueList,variables.LoopCounter)#"
            null="#YesNoFormat(not Len(ListGetAt(attributes.valueList,variables.LoopCounter)))#">
        <cfif compareNoCase(ListLast(attributes.fieldList),FieldValue)>,</cfif>
    </cfloop>
    )
</cfquery>


-- 
-...@robertson--
Janitor, The Robertson Team
mysecretbase.com


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321712
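
The tag in the message above binds every value with cfqueryparam, but the table name and field list go into the SQL text as written, and identifiers cannot be bound. An added example (not the poster's code) of the same INSERT builder with those inputs checked first; the file name, the allowlists, the `values` array attribute and the error types are assumptions.

```cfml
<!--- create_record_checked.cfm (hypothetical name): INSERT builder that
      validates identifiers before they reach the SQL text --->
<cfparam name="attributes.DSN" type="string" />
<cfparam name="attributes.tableName" type="string" />
<cfparam name="attributes.fieldList" type="string" />
<cfparam name="attributes.SQLTypeList" type="string" />
<!--- Assumption: values arrive as an array, so empty strings keep their position --->
<cfparam name="attributes.values" type="array" />

<!--- Constructed allowlists for the sample table; derive real ones from your schema --->
<cfset allowedTables = "woof" />
<cfset allowedTypes = "CF_SQL_VARCHAR,CF_SQL_INTEGER,CF_SQL_DECIMAL,CF_SQL_TIMESTAMP,CF_SQL_BIT" />
<cfset identifierPattern = "^[A-Za-z_][A-Za-z0-9_]{0,62}$" />
<cfset safeFields = "" />

<cfif not listFindNoCase(allowedTables, attributes.tableName)>
  <cfthrow type="CreateRecord.BadTable" message="Table name is not on the allowlist." />
</cfif>

<cfset fieldCount = listLen(attributes.fieldList) />
<cfif fieldCount eq 0
      or fieldCount neq listLen(attributes.SQLTypeList)
      or fieldCount neq arrayLen(attributes.values)>
  <cfthrow type="CreateRecord.CountMismatch" message="Field, type and value counts differ." />
</cfif>

<cfloop from="1" to="#fieldCount#" index="i">
  <!--- Column names: plain identifiers only, no spaces, quotes or punctuation --->
  <cfif not reFind(identifierPattern, listGetAt(attributes.fieldList, i))>
    <cfthrow type="CreateRecord.BadField" message="Field name #i# is not a plain identifier." />
  </cfif>
  <!--- cfsqltype is also caller-supplied, so it is checked as well --->
  <cfif not listFindNoCase(allowedTypes, listGetAt(attributes.SQLTypeList, i))>
    <cfthrow type="CreateRecord.BadType" message="SQL type #i# is not on the allowlist." />
  </cfif>
  <!--- Rebuild the column list from validated names only --->
  <cfset safeFields = listAppend(safeFields, listGetAt(attributes.fieldList, i)) />
</cfloop>

<cfquery datasource="#attributes.DSN#">
  INSERT INTO #attributes.tableName# (#safeFields#)
  VALUES (
  <cfloop from="1" to="#fieldCount#" index="i">
    <cfqueryparam
        cfsqltype="#listGetAt(attributes.SQLTypeList, i)#"
        value="#attributes.values[i]#"
        null="#YesNoFormat(not len(attributes.values[i]))#" />
    <cfif i lt fieldCount>,</cfif>
  </cfloop>
  )
</cfquery>
```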


Re: Newbie ... CFSQLTYPE of CFQueryParam

2009-04-16 Thread David McGuigan

So my real issue was that I wanted to super dynamically assemble the SQL and
then either execute it or do a variety of other things with it ( which I
won't go into ).

If you try to use cfqueryparam outside of a containing cfquery, ColdFusion
breaks.

So,

<cfsavecontent>
   ...<cfqueryparam>...
</cfsavecontent>

if something
   do something else with it
else
   cfquery it

errored.

By hacking cfquery, I mean that it suddenly occurred to me that you can do
this, instead of the other options:

<cfquery>
<cfsavecontent>
...<cfqueryparam>...
</cfsavecontent>
if something
 select false
else
  #cfsavecontent#
</cfquery>

if something
 return cfsavecontent
else
 return queryName

Note that you'll still need to not use cfqueryparam in cases where you won't
be executing the query ( and swap in the unprocessed values or placeholders
), but in my case that still dramatically reduced the code necessary to
support the multiple channels ( solved my problem ).

It's very hacky, but worked like a charm.



On Thu, Apr 16, 2009 at 2:40 PM, Dominic Watson 
watson.domi...@googlemail.com wrote:


  If so, does that mean my only option is writing a custom tag to simulate
  cfquery and having it handle all of that stuff the same way cfquery does?
  (Retrieve the datasource info from the adminapi, create and manage the
  connection, call all of these execution methods and then translate their
  results to a CFML query object, etc.)

 It is so, but I think the option of creating the custom tag is both
 mildly barmy and not the only option. A possible easier coding
 solution may be to create a component that builds and executes a
 cfquery by taking a java style prepared statement. A rough idea:

 <cfcomponent>
   <cfset variables.dsn = "" />
   <cffunction name="init">
     <!--- ... init component and set datasource name --->
   </cffunction>
   <cffunction name="executePreparedStatement" returntype="query">
     <cfargument name="statement" type="string" hint="eg. select * from foo where bar = ?" />
     <cfargument name="params" type="array" hint="Array of structs with two keys, 'type' and 'value'" />

     <cfset var theQuery = "" />
     <cfquery name="theQuery" datasource="#variables.dsn#">
       <!--- ... code to parse the statement and insert cfqueryparams in
             place of the '?'s --->
     </cfquery>

     <cfreturn theQuery />
   </cffunction>
 </cfcomponent>


  What a hassle. This is worse than the fact that you can't use cfform
  controls outside of a cfform tag in CFC cffunctions.

 I don't believe it makes sense for CF to be able to do what you are
 asking. Given a bare <cfqueryparam ... />, how is it to know what to do
 with it?

 Dominic

 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321713


Re: Populated PDF form won't open

2009-04-16 Thread Dave Watts

 However, a client and I decided we wanted to have a little more control over
 the format of the document, so we created a PDF form in Acrobat Pro. I'm
 using cfpdfform and cfpdfformparams to dynamically populate the form fields
 from the database. The resulting filled-in form is then saved with a
 different file name to a different directory.

 The problem is, there seems to be some compatibility issue with the
 filled-in versions. When they are opened in Acrobat Reader 7 or 8, the
 result is an error message: "There was a problem reading this document
 (131)."

 Since the document opens fine in Reader 9 or Preview, it seems like a
 version compatibility problem.

When you say you created the PDF form in Acrobat Pro, you mean
LiveCycle Designer, right?

When you saved the PDF, did you choose Static PDF Form or Dynamic XML Form?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321714


RE: Question about hack

2009-04-16 Thread Al Musella, DPM

A few ideas:
1. Set the ftp security to only allow connections from specific IP
   addresses. If the user has a dynamic ip, then use his entire range..
   better than letting the entire world in
2. Your blog shows why I said to Michael to reformat the drive and
   reinstall everything when he was attacked. Once you let someone else get
   access to your server, there is no way you can ever trust it again. It
   has to be reformatted.
3. I know it isn't the right way to fight an attack, but for this specific
   attack, just put your index.cfm file into a different file, then have
   your index.cfm file just do a cflocation to that page. If the hack adds
   stuff to the index.cfm page, nothing will happen to the users.


At 03:31 PM 4/16/2009, you wrote:

For those interested I have compiled all I know about this attack into a
blog post:

http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack

Again, we have not specifically identified the attack but we have lots of
information and a stop gap measure :)

-Mark


Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-Original Message-
From: Mark Kruger [mailto:mkru...@cfwebtools.com]
Sent: Tuesday, April 14, 2009 5:37 PM
To: cf-talk
Subject: RE: Question about hack


Thanks... I'll add that to my list.

I have a pretty hefty blog post coming out on this tomorrow (or hopefully
tomorrow :).

-mark







Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321715


Re: file permissions

2009-04-16 Thread Dave Watts

 should i understand the cfcontent tag?

Yes. CFCONTENT lets you use CF to serve non-CF files. If you put files
in the web server's directories, and serve them directly, you can't
easily control access to those files from within your CF application.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321716
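
The approach described in the message above, as an added example (not code from the original post): a page that makes the access decision in CF and then streams a file stored outside the web root with CFCONTENT. The page name, the directory, the `session.userId` login marker, the extension list and enabled session management are assumptions.

```cfml
<!--- download.cfm (hypothetical name): the only route to the protected files --->

<!--- Assumed location; it must not sit under any web server directory --->
<cfset protectedDir = "D:\protected_files\" />
<cfparam name="url.file" type="string" default="" />

<!--- 1. The application decides who gets in, before any bytes are sent.
         session.userId is an assumed marker set by the login code. --->
<cfif not structKeyExists(session, "userId")>
  <cfheader statuscode="403" statustext="Forbidden" />
  <cfabort />
</cfif>

<!--- 2. Accept a bare file name only: no slashes, no "..", no drive letters,
         and only the extensions this application actually serves. --->
<cfif not reFindNoCase("^[a-z0-9_-]{1,64}\.(pdf|zip|doc|xls)$", url.file)>
  <cfheader statuscode="404" statustext="Not Found" />
  <cfabort />
</cfif>

<!--- 3. The path is built from a fixed directory plus the validated name --->
<cfset fullPath = protectedDir & url.file />
<cfif not fileExists(fullPath)>
  <cfheader statuscode="404" statustext="Not Found" />
  <cfabort />
</cfif>

<!--- 4. Per-user authorization (is this user allowed this file?) belongs
         here; it depends on the application's own data model. --->

<!--- 5. Stream the file; reset discards any output generated so far --->
<cfheader name="Content-Disposition" value="attachment; filename=#url.file#" />
<cfcontent type="application/octet-stream" file="#fullPath#" deletefile="no" reset="yes" />
```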