Re: regex and options

2008-10-16 Thread Claude Schneegans
what makes Dr and Prof special, compared to the hundreds of other similar ones? According to the typographic code, there are rules about abbreviations. For common words such as Doctor, Mister, etc, there are many ways to abbreviate them, but only one complies with rules and is considered as correct.

Re: regex and options

2008-10-16 Thread Claude Schneegans
Heh. If it's a drop down, I wouldn't bother with a regex: I wouldn't even bother with any verification at all.

Re: How does Security affect search engine spiders?

2008-10-13 Thread Claude Schneegans
My only thought on that is to detect the fact that they are a spider (not sure how to do that though) and not implement security in that case. Oups, not a good idea. There are mainly two sorts of spiders: good bots (ie:google) and bad bots (ie: those looking for mail addresses to spam) In

Re: How does Security affect search engine spiders?

2008-10-13 Thread Claude Schneegans
is there a good bot/bad bot list? Not as I know, anyway, one cannot rely on user agents which can be faked so easily. Personally, I let just a few known bots in, based on the IP address, the only parameter that cannot be faked. For every other request, I have some tools that analyze

Re: How does Security affect search engine spiders?

2008-10-13 Thread Claude Schneegans
Not as I know, anyway, one cannot rely on user agents which can be faked so easily. Just to illustrate this, as I was writing my last message, I just received a notice from my server reporting a new bad bot detected. its user agent is Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;

Re: How does Security affect search engine spiders?

2008-10-13 Thread Claude Schneegans
Looks to me as though it is blocking SQL injection attacks It doesn't block anything, it SENDS SQL injection attacks! MY application blocked it. ;-)

Re: How to handle quote symbols

2008-10-11 Thread Claude Schneegans
Here's my question. do you store 12 in the database, or 12quot; Does it matter? Use '12' what's the problem?

Re: Won't evaluate?

2008-10-10 Thread Claude Schneegans
So why isn't this working then? cfset UserCount = #Users.Recordcount# cfset Question = #Replace(FAQ.Question, '$$UserCount$$', #usercount#, ALL)# You're not using # signs correctly : cfset UserCount = Users.Recordcount cfset Question = Replace(FAQ.Question, '$$UserCount$$',

Re: Won't evaluate?

2008-10-10 Thread Claude Schneegans
Replace(FAQ.Question, '$$UserCount$$', usercount, ALL) It may also be a question of upper/lower case. Are you sure you always have UserCount ? If not, use replaceNoCase() instead. just doesn't show any usercount. Does it show any '$$UserCount$$' then ?

Re: Won't evaluate?

2008-10-10 Thread Claude Schneegans
Yes, I know scoping my variables is a good thing now and I will from now on when needed. But honestly, it so rarely comes up as an issue Right. A good practice to avoid trouble if you don't scope is at least to use different names for variables in different scopes, especially with queries. The

Re: Form Challenge?

2008-10-01 Thread Claude Schneegans
When processing this form I need to check for the existence of any of the check boxes. Yeah, this is really a design problem in HTML, the name of an unchecked checkbox is not passed by the browser in the HTTP protocol. IMHO some default value would be pretty useful, ie: INPUT NAME=myCheckBox

Re: New SQL Injection

2008-09-20 Thread Claude Schneegans
I wish there was some way to counter attack!!! H Well, based on the fact that attacks come from infected PC which even ignore they were infected, it would be pretty useless to counter-attack the IP address from which the attack came. BUT, all these attacks tend to inject spammy links to

Re: Want to Learn Fuse-Box

2008-09-18 Thread Claude Schneegans
But It looks something strange to me Then you must be a sane and well-balanced person ;-) and I quit. Believe me, that was your best decision ;-)

Re: How to parse a text file...

2008-09-18 Thread Claude Schneegans
I've tried several methods to get this code into an array with the filename as the first array element and the description as the second array element May be you don't need to go that far in creating an array. Just create a single array the way you did it, with both the file name and the

Re: CSS Question

2008-09-17 Thread Claude Schneegans
I really really wish that someone would come up with a standard that will work in every browser. In my experience: 1. option tag cannot include any HTML child; 2. option style only support color, no background, no bold, italic or so.

Re: CSS Question

2008-09-17 Thread Claude Schneegans
Or a browser that adheres to the standard? C'mon, we are in a developer forum here, any developer should be concerned by the way their application behaves on the client side, and like it or not, about 80% of clients use Explorer.

Re: image map creator

2008-09-15 Thread Claude Schneegans
Looked at a few examples online, none of which were very impressive. Need something direct and simple... any ideas? It would certainly help to understand what you are looking for if you could give us the addresses for these examples.

Re: Alternative to using CONTAINS repeatedly?

2008-09-12 Thread Claude Schneegans
lcase(form.First_Name) First of all, you could avoid calling the lcase function 6 times on the same expression: store lcase(form.First_Name) once for all in one variable, and use this variable in your tests. But this is just a general consideration. What you need here is some regExp, ie cfif

Re: CFFORM and JS Script Source

2008-09-12 Thread Claude Schneegans
Here's the problem - One of the reasons I stopped using CFFORM more than 10 years ago and developed my own tags and JS validation... ;-)

Re: Are nested loops allowed in fusebox 5?

2008-09-12 Thread Claude Schneegans
Are nested loops allowed in fusebox 5? I'm not sure I understand your question: Fusebox is not a language, just a framework, and as such has no means to allow loops or not. Fusebox relies on the ColdFusion language, and yes, CF allows nested loops.

Re: CF and Access

2008-09-11 Thread Claude Schneegans
I thought maybe the Yes/No column was throwing it This is also my guess. Yes may be recognized by Access when the query is submitted directly, but it is not standard SQL and the JDBC driver will interpret it as a column name. Try INT_PARTRETURNED = 1 instead (don't include instead in the query

Re: using dynamic variable in cfset statement

2008-09-09 Thread Claude Schneegans
The variable application. ends with a . character. This looks to me like appconfig.code_name is an empty string.

Re: using dynamic variable in cfset statement

2008-09-09 Thread Claude Schneegans
Also, the [] is an invalid constrict in coldfusion. well, if appconfig.code_name is an empty string, then [appconfig.code_name] will be equivalent to [], which is an invalid constrict in coldfusion. If I were you, I'll really make sure appconfig.code_name is not an empty string ;-) Just try

Re: How can I unzip a password-protected zip file with cfzip?

2008-09-03 Thread Claude Schneegans
Extracting files from .ZIP: This means PKZIP started correctly and found the zip file, but the extraction is not over, probably because the console program is waiting for the password to be entered. It looks like the password parameter is used to zip a file, but not for unzipping. You may

Re: How can I unzip a password-protected zip file with cfzip?

2008-09-03 Thread Claude Schneegans
OK, I looked in the documentation, and can confirm the syntax for the password option: -password=bsz3xuYD See the = sign in the command. If there is a space after password, the program will read the password from the console.

Re: How can I unzip a password-protected zip file with cfzip? (Success!)

2008-09-03 Thread Claude Schneegans
Finally found an old online pkzip 2.5 manual. Good. Note that you can also: - open Windows Explorer, - find your PKZIP25.exe file, - double click on it to execute, This opens a console window, enter ? and you have a list of all commands and options.

Re: How can I unzip a password-protected zip file with cfzip? (Success!)

2008-09-03 Thread Claude Schneegans
Yes, I did that when you recommended it. It just didn't show the syntax for using the commands. Ok, like in most DOS programs, if you type ?command, you get details about a command, ie: ?extract or ?password

Re: How can I unzip a password-protected zip file with cfzip?

2008-09-02 Thread Claude Schneegans
is there a way to use the password with cfzip action=unzip ? Personally, I create and CFEXECUTE a bat file which runs a 10 years old version of PKZIP. It supports compression/decompression and passwords and still works pretty well.

Re: How can I unzip a password-protected zip file with cfzip?

2008-09-02 Thread Claude Schneegans
Would you mind sharing an example of how you use CFExecute and the bat file to process a certain list of files? I just reopen the file where I use it, and I see that I don't use the bat file anymore, this was in version 1.0. Now I pass the parameter directly through CFEXECUTE: CFEXECUTE

Re: Opinions about on the fly image resizing

2008-09-02 Thread Claude Schneegans
Any opinion is appreciated. Well, IMO, the big idea of thumbnails is to show many images roughly and in the same page, so that the user can choose only the one in want in large format. Having to read and downsize 10 or 20 or more images is not really compatible with this purpose. The images

Re: Opinions about on the fly image resizing

2008-09-02 Thread Claude Schneegans
you only need wipe that directory clean and everything will start being regenerated. Very brilliant indeed.

Re: Please Help..Confused

2008-09-02 Thread Claude Schneegans
I should have clarified that I am not passing a date such as mm/dd/. The year dropdown contains the values 1-5 that the user can select, the month is 1-11, and the days are 1-30. What I am trying to do is for example, when if a user selects 2 years 2 months 2 days then I need to convert

Re: Please Help..Confused

2008-09-02 Thread Claude Schneegans
I need to convert those values to days and add them up. Ok, but to add them up to WHICH date ? Or do you consider every month to be 30 days and every year to be 365 days in general? If yes, then just use dateAdd (d, form.years*365 + form.months*30 + form.days, dateToBeAdded)

Re: How can I unzip a password-protected zip file with cfzip?

2008-09-02 Thread Claude Schneegans
Ideas? First, I would check if the file e:\inetpub\webroot\real_estate_data\smlc\daily_downloads\zip_files\extract_log.txt has been created and, if yes, if it contains any message errors. Also make sure you have no line breaks inside the arguments parameter string For other parameters in

Re: Wildcard characters in filepath?

2008-08-31 Thread Claude Schneegans
Is there some way I can use cfhttp to access the files listed on the web page and download them? No, in order to use CFFTP, you need some FTP account on the aimed server. I click on the link and it takes me to a page in the browser that lists the files I need. Ok, then you do have the name of

Re: Wildcard characters in filepath?

2008-08-30 Thread Claude Schneegans
How can I use wildcard characters in a file path? In a file path for what ? If it is for an HTTP request, the answer is no. If it is for CFFILE, it is still no. Using wild cards could mean that several files could be returned, and both HTTP and CFFILE can deal with only one file at a time.

Re: Wildcard characters in filepath?

2008-08-30 Thread Claude Schneegans
The question would really just apply to files. Well, it DOES depend on how you want and can finally get the file. Is the file on YOUR server, or somewhere else. Is the file accessible through HTTP, FTP ? If the file is not on your server, surely you cannot use CFdirectory. If you only have HTTP

Re: Wildcard characters in filepath?

2008-08-30 Thread Claude Schneegans
using so regExp. I mean *some* regExp.

Re: Pre-filling FileField Values

2008-08-29 Thread Claude Schneegans
Because that isn't what HTTP was ever designed to do. They made a whole protocol just to handle this: FTP. I think this kind of argument is completely obsolete now. Both HTTP and FTP were designed to allow exchanges between computers made by computer scientists. Now, at least for HTTP, their

Re: Pre-filling FileField Values

2008-08-29 Thread Claude Schneegans
If they're still clicking and selecting then it isn't more risk per se, but creates issues in usability for the user. If they're not careful they could theoretically upload their entire My Documents folder without realizing it when they intended to send one file. Right, but the browser could

Re: Pre-filling FileField Values

2008-08-29 Thread Claude Schneegans
I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction. Then you have a problem. All depends on the kind of application you have and the kind of clients who are using it.

Re: Pre-filling FileField Values

2008-08-29 Thread Claude Schneegans
Because browsers weren't designed to allow you to do that. Again, this is not a reason they could not be upgraded to do it. Browsers were not designed to support tables and CSS either, now they do.

Re: Pre-filling FileField Values

2008-08-28 Thread Claude Schneegans
Is there some way to pre-fill a filefield value? Forget it. Imagine it was possible, then a page could get directly some very sensitive files like your system files, or address book...

Re: Pre-filling FileField Values

2008-08-28 Thread Claude Schneegans
and all they would need to do was submit the form. Not even, this could be done in an onload event ;-)

Re: Pre-filling FileField Values

2008-08-28 Thread Claude Schneegans
Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually. Exact, one should be able to upload every thing like *.jpg in a directory, or select several files in it. I've implemented another solution where clients can send all

Re: Centering text written on an image

2008-08-26 Thread Claude Schneegans
how does the CFC measure the height and width of text without resorting to an image Any decent text/Image processing library will provide some function to calculate the physical length of a string given a specific font and size. And I'm pretty sure Ray's CFC is using a decent library.

Re: Flummoxed bya simple query

2008-08-21 Thread Claude Schneegans
Does FoxPro have case-sensitive column names? It could be an issue with table names, since tables are actually files, but not for columns.

Re: Query Too Complex for Access?

2008-08-20 Thread Claude Schneegans
Does anyone else know of any other ways? Plenty of them, but no one is better ;-)

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Claude Schneegans
they are back. Yeah, here too. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks.

Re: SQL injection attack on House of Fusion

2008-08-15 Thread Claude Schneegans
Going through 136+ posts seems a bit too much, many thanks. Aren't you afraid to get even more if you start another thread again? ;-)

Re: SQL injection attack on House of Fusion

2008-08-15 Thread Claude Schneegans
Not as far as technique, but it was much larger in scale than most of us have experience before. By the way, are you still getting hits from this attack? I don't see any anymore.

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
ULs and LIs are better for search engine optimization. ??? Plus they're better semantic code. ???

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
So it's a little lighter, codewise, plus ULs and LIs are MEANT to display lists of things while tables are not. Frankly, I don't see your point. ULs and LIs are meant to display lists, right, but what you want to do is not a list, it is a TABLE, so why not use a table ?

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
this isn't really tabular data. It's simply a list of links. This distinction is completely academic and irrelevant. The purpose of a table in HTML has never been to display data exclusively, but anything. HTML is a formatting language, not a database facility. When you display things so they look

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
So even if I'm only saving a few characters, it's better than using a TABLE. Provided you know how to do it. If you have to ask other people, then you are creating your own problem, just for saving a few characters... Besides...TABLEs are for tabular data. Sure you CAN put other stuff into

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
then HTML tables are best used for database type information. No doubt about that. But the question here is should I use a table to output a list if I want it to look like a table, my answer is definitely YES. The only purpose of HTML is to define the layout of a page. If your layout requires

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
Tables were intended to display tabular data. Correct, then if you want a list to be displayed as a tabular data, use a TABLE.

Re: Outputting columned UL tags

2008-08-14 Thread Claude Schneegans
I hate to drag this out further Me too...

Re: Outputting columned UL tags

2008-08-13 Thread Claude Schneegans
I'm looking to output a series of ULs and LIs in a 3 column fashion Why ULs? Isn't this more a table case?

Re: Redirection old ID values to new ID values

2008-08-12 Thread Claude Schneegans
I have a client whose old site (in ASP) is converting over to our CF storefront. We have the old ID values for their products and have stored them alongside the new ID values for the new store. If you are not running other ASP applications on this server, you could also set IIS to send ASP

Re: cfexecute batch file not working

2008-08-12 Thread Claude Schneegans
I have a very simple batch file Don't forget that the default directory used by the bat file is not the one the bat file resides, but the one from which it is run. In this occurrence, it is the CF directory. Then you may have to set the working directory from inside the bat file itself.

Re: ReFind - help with regex (ColdfusionMX 7)

2008-08-12 Thread Claude Schneegans
I want to loop through a directory in my codebase and return a list of href tags This could be easily handled by CF_Reextract. You can get all your hrefs in a query using simple regExps. See http://www.contentbox.com/claude/customtags/REextract/testREextract.cfm

Re: HELP! SQL Injection Attack!

2008-08-08 Thread Claude Schneegans
100 IPs is hardly any RAM. I'd use 10k entries, just as a starting number and scale down if it really becomes an issue. Another approach would be to store also the date the IP was entered in the list, and remove it after a certain number of days.

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Claude Schneegans
very few bots accept cookies. I've never actually seen one that does, but I have read it is possible to write one that will. If you use CF to write the bot, for instance ;-)

Re: SQL injection attack on House of Fusion

2008-08-08 Thread Claude Schneegans
Then 20-30 minutes later he would show up again with a different IP. How do you know it was the same guy ? May be it was the same bot doing the same thing, but these bots are just like viruses, they spread anywhere.

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
Various people have been warning in the last few weeks that this sort of scatter gun approach that started with ASP-based sites is now migrating to ColdFusion powered ones. And it is growing up. Yesterday, my bad bot closed the door to about 50 attacks, and this morning I have 60 reported.

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
blocking specific IP addresses won't get you very far here, because it's a random. blocking IP addresses won't prevent injection in your database if it is not protected, but if an attack is detected the very first attempt, it will save thousands of useless HTTP requests on your sites, because

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
Tuesday night received about 20 thousands instances (not an exaggeration). Slowing down now for us, but, heh, it's early. This is where banning IPs at the first attempt will reduce this pollution. If the attack is detected at the first attempt, and the address banned, the statistics will show

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
Claude, could you possibly share your code that stores the bad IP addresses for a period of time to prevent these useless http requests? Thanks, CV. Well, I'd be happy to, but it is a rather complete and complicated system. It works for all sites/domains on the CF server, uses a database, and

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
I'd like to know how I can stop the requests from ever hitting the web-server. If you detect the attack at the first request, and block the IP, the bot will not even get the first page, will not see all links in it, and will not search your entire server.

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
I was hoping to find an elegant solution that stored the Ips in the application scope for the length of the session timeout and then gracefully removed the banned Ips once the session timed out. How about doing this: - Create a server scope array or list (if you have several sites), or just in

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
Your system appears to be infect with a bot and it is currently banned from access this site... The cherry on the sundae ;-) In this page, I even have a form so the user can give his address and claim his innocence ;-)

Re: HELP! SQL Injection Attack!

2008-08-07 Thread Claude Schneegans
I'm a little bemused as to why you'd create such a response guys. Just to make sure I give a chance to a legitimate user, in case my robot detection was a bit too strong. For instance, I also have a test based on the number of HTTP request per second in order to discriminate robots from human.

Re: securing pdf's?

2008-08-05 Thread Claude Schneegans
Serve the docs using cfcontent and secure the folder from direct access using your webserver. and if you can't create a secure folder, rename your files to .cfm, store them in a special folder, add some Application.cfm that will prevent direct access, and restore the original file name when

Re: Query of Queries

2008-08-05 Thread Claude Schneegans
I am afraid you're right we might have to do a re-install. If restarting CF fails, and BEFORE reinstalling CF, one could try to restart the server.

Re: cfswitch

2008-08-04 Thread Claude Schneegans
I feel it is ridiculous.. What is the reasoning behind this if it is true? The reasoning is that it allows for a more efficient alternative to the general case if(expression1 == value1 ) ... elseif(expression2 == value2) ... elseif(expression3 == value3) ...construct, in the particular case

Re: cfswitch

2008-08-04 Thread Claude Schneegans
switch () in java allows constants to be used in case. I wish cf did too. CF does allow constants in case. Do you actually mean java allows VARIABLES in case? If yes, then no, like CF, Java allows only constantExpressions in case.

Re: Unknown JS error when doing AJAX.

2008-07-30 Thread Claude Schneegans
I changed document.getElementById(character).innerHTML=xmlHttp.responseText; to.. document.getElementById(character).value=xmlHttp.responseText; This will not show anything, since the element character is a div, it has no value. Only input element have values. So all what the statement

Re: Printer Question

2008-07-29 Thread Claude Schneegans
Just put this style in the first P or BR for your new page: STYLE=page-break-before: always;

Re: paypal cart

2008-07-29 Thread Claude Schneegans
Simple hack might be to have a 'hidden field' on your form that concats the 4 fields into 1 field with a specified delimiter. This way you are passing one var with all 4 lines. When it returns from the paypal side, you can 'parse' the data into four lines again using the specified

Re: I need help with a PHP question - off line i guess

2008-07-29 Thread Claude Schneegans
that's a little bit of irony there I do not see anything but truth ;-) And there is no irony here ;-)

Re: I need help with a PHP question - off line i guess

2008-07-29 Thread Claude Schneegans
I hear constantly how Microsoft is evil the best answer I got in this category is about Thunderbird's buggy message pane not able to add a scroll bar: message pane is total mess of a code nobody want to touch. Apparently Open source nerds have redesigned the way panels are handled, cause Windows

Re: Form Spam Attack

2008-07-29 Thread Claude Schneegans
almost anyone who can use the computer can add 3+5 Some people can even do it without using a computer ;-)

Re: [ot] - Payment Gateways?

2008-07-27 Thread Claude Schneegans
Anyone have any experience with Google Checkout or any other companies that I should look into? Yes, good question. I have the feeling that if a significant number of developers here are complaining about Paypal, it may be just because Paypal having been around for such a long time, there

Re: Is this a CF bug or just a Java behavior?

2008-07-26 Thread Claude Schneegans
Did you just say you should NEVER do something? With a wink, yes I did ;-)

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben Forta

2008-07-25 Thread Claude Schneegans
how about changing cfquery so that by default, only ONE sql statement can be sent. Let us override that with a parameter in cfquery or a cfprocessing directive type of thing in our application.cfm.. Pretty good idea. I doubt many people use multiple sql statements in one cfquery, Also

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben Forta

2008-07-25 Thread Claude Schneegans
That is more a function of the db. Exact, and I don't see how CF could prevent from multiple execution. It should compile the SQL code for that, and it does not. Unless ODBC/JDBC drivers have a function to disable it.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben Forta

2008-07-25 Thread Claude Schneegans
I have to hand it to Claude - he definitely has confidence Well, unless ODBC and JDBC have some function to enable/disable multi statements, It would certainly be much trouble to implement this in CF. I've checked rapidly in the ODBC docs, and I don't see any reference to multi statement.

Re: Is this a CF bug or just a Java behavior?

2008-07-25 Thread Claude Schneegans
If you run this piece of code the first value will be 6.2, second will be a NO and then toString will result in 6.199. This is neither a CF bug, nor a Java behavior. This is a normal behavior in digital computers and the way real numbers are stored. If #c# seems to be output

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
This is a classic reason why that sort of blocking method is in my opinion only useful for a temporary stop gap. It is actually only safe and useful for numeric parameters or dates, but for text fields obviously, something more accurate must be used. And CFQUERYPARAM won't help either.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
Keywords and banning IPs by themselves are not the answer Exactly. But it helps to reduce the impact. There is no panacea, only a set of measures.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
and Billy New-Developer comes along and decides that someOtherQuery.someOtherValue could really do with coming directly from the user? Will he add the cfqp if it's not already there? This is irrelevant, because: 1. if both fields are numeric, there is no possibility OtherQuery.someOtherValue

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
var listSQLInject = cast,exec,execute,sp_executeSQL,revoke,grant,select,insert,update,delete,drop,--,'; Don't forget to include user in your list. The first thing hackers try generally is to get to your table of users and passwords.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
Do you fully understand what cfqueryparam does when binding text parameters into the query? Yes, fully. I've designed CFX_ODBCinfo, and some other tools, and I'm pretty aware of the way ODBC or JDBC drivers work. This is precisely why I can say when it is useful and when it is not.

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
But Billy has been told to turn: SET myValue = #someOtherQuery.someOtherValue# into: SET myValue = #FORM.someOtherValue# Then obviously, he should add CFQP to the line of code in the same time, what's the problem? My point is just that in some situations, CFQP is useless, of course, if you

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
In our case, what happened was that we dropped a column that hadn't been in use for awhile, and everything broke because of the SELECT * and cfqueryparam. It may be a silly question, but why a SELECT * will break because an unused column was dropped?

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
It shouldn't make a difference if the SELECT * is in a cfquery I see. A very particular situation though. It will not prevent me from using SELECT * when I need all fields. This is more efficient than list all of them. On the opposite, using SELECT * just to get a record count is the worse

Re: Form Spam Attack

2008-07-24 Thread Claude Schneegans
I'm not saying Captcha is bad, but I hate running into it on a site myself, Same with me. I've always wondered if some bot really ever used some character recognition system so that it is necessary to distort text so badly. Another thing that bugs me about captcha is that in case you entered

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
So you know that it *always* prevents SQL injection in a standard query (select, update or delete). Really? Can you give an example of injection that will be prevented?

Re: (ot) URL Hack Attempt Leaves Me Scractching My Head...

2008-07-24 Thread Claude Schneegans
ANY string passed into cfqueryparam cannot be executed as SQL: Is it really possible to get an SQL statement executed from a string for a text field without closing the string first with an apostrophe?
