Thanks guys I will check both those suggestions.
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w
Archive:
If you are on CF8, this sounds to me like the sort of thing you could use
CFTHREAD for - the upload can continue in the background but the user can
get on with their business.
Will
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: 23 January 2008 03:14
To: CF-Talk
Thank you so much for all, some how it's working the only change i
made was in CF administrator set Request Throttle memory to 500MB.
It's uploading file, but it's taking more than 5 mins to upload 250MB
file.
I like using cfflush for stuff like this.
Display a please wait gif
cfflush
On 1/23/08, Will Tomlinson [EMAIL PROTECTED] wrote:
Thank you so much for all, some how it's working the only change i
made was in CF administrator set Request Throttle memory to 500MB.
It's uploading file, but it's taking more than 5 mins to upload 250MB
file.
I like using cfflush
This is happening when the content writer publishes the edited page.
Steve LaBadie, Web Manager
East Stroudsburg University
200 Prospect St.
East Stroudsburg, Pa 18301
570-422-3999
[EMAIL PROTECTED]
http://www.esu.edu
-Original Message-
From: Paul Hastings [mailto:[EMAIL PROTECTED]
Sent:
On Wednesday 23 Jan 2008, Steve LaBadie wrote:
This is happening when the content writer publishes the edited page.
So is it wrong in the database then ?
--
Tom Chiverton
Helping to challengingly enhance leading-edge convergence
on: http://thefalken.livejournal.com
Don't know. I don't have access to the database. The CMS runs on Citrix.
Steve LaBadie, Web Manager
East Stroudsburg University
200 Prospect St.
East Stroudsburg, Pa 18301
570-422-3999
[EMAIL PROTECTED]
http://www.esu.edu
-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
I have checked and the settings are exactly the same on live, and test servers.
Maintain connections across client requests. is checked
Enable Unicode for data sources configured for non-Latin characters. is
unchecked
All the other parameters under the advanced tab are the same. In fact they
On Wednesday 23 Jan 2008, Kevin Roche wrote:
Anyone have any other ideas?
Broken or bad router, network etc. etc. ?
Does a (flood) ping indicate health there ?
--
Tom Chiverton
Helping to autoschediastically revolutionize compelling metrics
on: http://thefalken.livejournal.com
Hi,
I have a CF application whose database I ported from MS Access to SQL
Server. After doing so I got the following error on a search:
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the
keyword 'UNION'.
SQL = SELECT Products.*, Categories.*, Manufacturers.*
FROM
Apparently you can't use ORDER BY on the first SELECT, so I presume that
the second ORDER BY will be applied to the combined rows.
Thanks
Mark
-Original Message-
From: Ben Conner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 9:04 AM
To: CF-Talk
Subject: syntax issue
If you are building it yourself - why not use an Array and not worry
about it? ;)
On Jan 22, 2008 9:17 PM, Rick Root [EMAIL PROTECTED] wrote:
On a side note, I'm a big fan of not using printable characters in
delimiters if I have an option.
So if I'm MANUFACTURING the list myself... I'll use
Does anyone have suggestions on best practice for setting up CFCs that will be
available for Air applications and CF applications?
From what I have read you need to set your functions in your CFC to
access=remote in order for the Air application to use them. I really don't
want to do that on
On 1/23/08, Ben Conner [EMAIL PROTECTED] wrote:
SQL = SELECT Products.*, Categories.*, Manufacturers.*
FROM Products, Categories, Manufacturers
WHERE Products.ManufacturerID IN (Select ManufacturerID from Manufacturers
WHERE Manufacturers.ManufacturerName Like '%spank%') AND
I'd def be interested in hearing this discussion.
-Original Message-
From: Chad Gray [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 8:32 AM
To: CF-Talk
Subject: Air and CFCs
Does anyone have suggestions on best practice for setting up CFCs that will
be available for Air
Air can't talk directly to CFCs. You'll have to use Javascript or Flex as
the transport mechanism. So, you would build it (to my understanding) as
you would if it was a pure ajax implementation. You'll either have to pass
username/password request on each send or somehow implement a logged in
On Wednesday 23 Jan 2008, Chad Gray wrote:
From what I have read you need to set your functions in your CFC to
access=remote in order for the Air application to use them.
Yup, same as using from Flex's RemoteObject or a web service.
I thought about making a CFC that was available remotely,
With Flex you can use setRemoteCredentials in your destinations and it
will be exposed as cflogin.username/password.
Only access=remote are visible to Flex/AIR apps but you can change
this behavior by setting the
method-access-levelremote/method-access-level to
method-access-levelpublic and
I should have specified that I would be using Flex in my Air and using
remoteObject.
mx:RemoteObject id=ro destination=ColdFusion
source=local.careycolor.login
endpoint=http://demo.dev/flex2gateway/; result=letUserIn()
-Original Message-
From: Todd [mailto:[EMAIL
A quick look doesn't throw up an obvious answer, and I'm looking for a
publicly accessable CFML engine to use at home, so...
Which free-for-production-use CFML engines (Railo, BD, ...) support
RemoteObject calls from Flex ?
--
Tom Chiverton
Helping to augmentatively iterate transparent eyeballs
For anyone who has used his example, how can I show what was choosen as
the default choices when the page is posted back to itself? I'm a Ajax
newbie. See link below. Thanks, Che
http://www.forta.com/blog/index.cfm/2007/5/31/ColdFusion-Ajax-Tutorial-2-Rel
ated-Selects
Thanks John!
On Jan 6, 2008, at 11:50 PM, John Mason wrote:
Echo11 has a SCORM LMS in ColdFusion. There url is echoeleven.com
John Mason
[EMAIL PROTECTED]
770.337.8363
www.FusionLink.com - ColdFusion and Flex hosting
Now offering ColdFusion 8 Enterprise hosting
FREE Subversion hosting
What the best approach to controling the error messages that appear when say
for example, someone removes an integer from a url scope? For example, the url
should pass idss=23 or whatever. If someone were to remove the 23 and get the
standard CF error message. How can I prevent that message
I need some help with an area of ColdFusion which I would call my
Achilles Heal of ColdFusion Programming. I cannot get my mind around
Regular Expressions, but know its the solution to many of my
problems. For example
I have the following CF Comment on a cfm page:
!---
Widget Name: My
Hi Everyone,
I could really use some help in solving this development issue. As many of you
may know, there is a known bug with Microsoft Internet Explorer with regards of
dropping session variables. It's happen much more frequent now and it's causing
us to lose sales on our ecommerce website.
What the best approach to controling the error messages that appear when
say for example, someone removes an integer from a url scope?
Well, you could use error handling, but I think errors are best kept out of
the users face. For url scope you could use something like this:
!--- verifies
One of the site's I'm working on had a SQL break-in on an old application.
The url scope passed an integer and the where statement in the cfquery wasn't
protected by cfqueryparam. I've added cferror to this application as well so
a hacker can't see the standard cf error message. Is there
Hi.
I have 2 year experience in cold fusion development/support.
I am a cold fusion certied programmer.
Also i have passed Sun Certified Java Developer Programmer exam.
I have a total of 3.5 years of experience of Software Industry.
or the first 1.5 years , i did some programming in Java ,
Lookup the cferror tag. You can use it to catch different types of error and
tell ColdFusion to display a custom error page for each type. The custom
error page has all the error information available to it too.
Dominic
On 23/01/2008, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
What the best
On Wednesday 23 Jan 2008, sandeep saini wrote:
I am looking for a company change.So how much annual package do you think
i can get?
What country ? Would you need to work remotely some or all of the time ? Would
you work for a start-up or only an established company ?
You could start getting
On Wednesday 23 Jan 2008, Orlando Roman wrote:
there is a known bug with Microsoft Internet Explorer with
regards of dropping session variables.
There is ?
--
Tom Chiverton
Helping to vitalistically grow seamless metrics
on: http://thefalken.livejournal.com
On Wednesday 23 Jan 2008, [EMAIL PROTECTED] wrote:
anything else I can do to tighten this issue down? Just want to make sure.
Have you reviewed every other cfquery in the app ?
--
Tom Chiverton
Helping to heterogeneously envisioneer leading-edge architectures
on:
Is there anybody out there who can help me do this?
Sure, there is CF_REextract.
It will return all your fields in a list or a query, and even read the
file for you.
See: http://www.contentbox.com/claude/customtags/REextract/testREextract.cfm
I am bssically from Idia , currently posted in USA on H1B. I am looking for a
job here in USA for some good established or start up (preferably established).
my current package here is 55K.
-sandeep
~|
Adobe® ColdFusion® 8
Or at the very least write some generic code in Application.cfm/Application.cfc
that inspects the form, url and cookie scopes and strips out anything
suspicious like SQL statements. That would only be a half measure though.
The queries need to be changed to use cfqueryparam.
On Jan 23, 2008 11:38
I also like this method:
cfparam name=id default=0
cfset id = int(val(id))
On Jan 23, 2008 11:24 AM, Robert Harrison [EMAIL PROTECTED]
wrote:
What the best approach to controling the error messages that appear
when
say for example, someone removes an integer from a url scope?
Well, you
If you Google this topic, you'll find many discussions about it. This problem
seems to be consistent with IE7 browsers. Our website relies on a session
variable (SESSION.CustID) to track the customer during the checkout. At any
time during the checkout, this variable all of a sudden becomes
Syntax error (missing operator) in query expression '(getUser.UserLogin =
'paulw') AND (getUser.Password' = '2324986')'.
Getting this error message on a simple login application. App starts in the
application.cfm as soon as the user enters the section of site that requires
login.
!---If user
Syntax error (missing operator) in query expression '(getUser.UserLogin =
'paulw') AND (getUser.Password' = '2324986')'.
Getting this error message on a simple login application. App starts in the
application.cfm as soon as the user enters the section of site that requires
login.
!---If user
If you Google this topic, you'll find many discussions about it. This
problem seems to be consistent with IE7 browsers. Our website relies on a
session variable (SESSION.CustID) to track the customer during the
checkout. At any time during the checkout, this variable all of a sudden
You might be interested in this Unofficial salary survey done a year
ago or so by a member of this list.
http://www.keystonesymposia.org/cfs/
Sadly, the results don't seem to be available anymore.
Bummer.
Rick
~|
Adobe®
cfquery name=getUser datasource=#dsn#
SELECT *
FROM Users
WHERE (getUser.UserLogin = '#Form.UserLogin#')
AND (getUser.Password' = '#Form.Password#')
/cfquery
You have an extra single quote after getUser.Password.
-- Josh
I like to handle things like that somewhat gracefully, for example:
!--- Default Parameters ---
cfparam name=url.MyID default=0 /
!--- Get Data ---
cfquery name=qryData
SELECT ...
FROM ...
WHERE MyID = cfqueryparam value=#val(url.MyID)#
cfsqltype=cf_sql_integer /
/cfquery
!---
Well I have just replaced the JDBC Drivers with the latest version 3.5. This
has reduced the time taken by a huge amount. There is no mention in the docs of
there being anything that would do that.
The same change on the test server made no difference.
Kevin
On Jan 23, 2008 9:04 AM, Nick Ross [EMAIL PROTECTED] wrote:
Syntax error (missing operator) in query expression '(getUser.UserLogin =
'paulw') AND (getUser.Password' = '2324986')'.
there's a single quote after getUser.Password.
--
Scientists tell us that the fastest animal on earth, with a
Is there a way to address all URL scopes or do I have to be specific and list
all URL scopes used on the site?
I'm thinking ...
CFIF ISDEFINED (URL.pr_id)
CFIF URL.pr_id contains select
/CFIF
/CFIF
Or at the very least write some generic code in Application.cfm/Application.cfc
that
Looks to me like you have an extra quote/apostrophe here (after
getUser.Password):
cfquery name=getUser datasource=#dsn#
SELECT *
FROM Users
WHERE (getUser.UserLogin = '#Form.UserLogin#')
AND (getUser.Password' = '#Form.Password#') /cfquery
-Original Message-
From:
Haha... who didn't see that coming?
-agreed
..:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
-Original Message-
From: Raymond Camden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 9:30 AM
To: CF-Talk
Subject: Re: listGetAt comma problem
If you are
Folks,
I agree 300mb is a small price for the benefits of cfqueryparam. That said,
the servers have been up for a few more days after this change and the Working
Set is now about 1 GB on the servers. This is the slowest web traffic time of
the year for us and as traffic increases so does the
You just loop over a collection:
!--- Make sure that all attributes scoped variables are decoded and
trimmed ---
cfloop collection=#url# item=variables.itm
CFIF variables.itm contains select
Please don't do that... tisk tisk!
cfabort
/cfif
/cfloop
On
01.22.08 9:44 AM
THANKS EVERYONE. YES, I FOUND THE SINGLE QUOTE BUT IT MADE NOT DIFFERENCE. NOW
I AM GETTING THIS ERROR MESSAGE:
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft
Access Driver] Too few parameters. Expected 1.
The
ENTERED AN EARLIER POST ON THIS SAME QUERY PROBLEM. ORIGINALLY IT WAS A SYNTAX
PROBLEM. HOWEVER, NOW I AM GETTING THE FOLLOWING ERROR. THIS IS A SIMPLE LOGIN
APPLICATION.
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft
Access Driver]
AND (getUser.Password' = '#Form.Password#')
Remove the single quote after getUser.Password'
Code Blindness is like snow blindness. ;)
Jerry Guido
Programmer
MGT of America, Inc.
[EMAIL PROTECTED]
The information contained in this electronic communication is intended
only for the use of
On 1/23/08, Nick Ross [EMAIL PROTECTED] wrote:
Syntax error (missing operator) in query expression '(getUser.UserLogin =
'paulw') AND (getUser.Password' = '2324986')'.
You have an extra ' after Password
probably should be
AND (getUser.Password = '2324986')
Error Executing Database Query.
Uh, I find that to be a security hole. URL.MyID = 1 will probably always
work. If not, I'll start the math guessing game.
On Jan 23, 2008 12:25 PM, Ryan J. Heldt [EMAIL PROTECTED] wrote:
I like to handle things like that somewhat gracefully, for example:
!--- Default Parameters ---
cfparam
SQL Server 2000
What kind of DB were you using? I still haven't seen a good example of a
sql query injection in CF since CF auto escapes single quotes.
Russ
~|
Adobe® ColdFusion® 8 software 8 is the most important and
http://www.keystonesymposia.org/cfs/
And it would be even better if the data source was still connected.
Robert B. Harrison
Director of Interactive services
Austin Williams
125 Kennedy Drive, Suite 100 Hauppauge NY 11788
T : 631.231.6600 Ext. 119
F : 631.434.7022
www.austin-williams.com
Another place to get average starting salaries is http://www.indeed.com/salary.
The data here is based on job listings that include salary in the description,
so you get a better idea of starting salaries than you would get from salary
polls.
CooLJJ
Nick,
YOUR CAPS LOCK IS STUCK. Just a heads up.
Jerry Guido
Programmer
MGT of America, Inc.
[EMAIL PROTECTED]
The information contained in this electronic communication is intended
only for the use of the addressee, and may be a confidential
communication. If you are not the intended
Assuming there is just one comment block, cffile read the file and try this
on it...
trim(rereplace(rereplace(theFileContent, (.*?!-{3})(.*?)(--.*), \2,
all), (.*?):(.*?)#chr(13)#, \1, all))
It will find and use only the first CF comment block that it finds...
meaning everything in the file
cfquery name=getUser datasource=#dsn#
SELECT *
FROM Users
WHERE (getUser.UserLogin = '#Form.UserLogin#')
AND (getUser.Password' = '#Form.Password#')
/cfquery
A few things:
1. The parenthesis are unneccessary
2. getUser is not a database object referred to in the query. This
On 1/23/08, Robert Harrison [EMAIL PROTECTED] wrote:
http://www.keystonesymposia.org/cfs/
And it would be even better if the data source was still connected.
didn't read the rest of my response, eh? =)
--
Rick Root
New Brian Vander Ark Album, songs in the music player and cool behind
the
Although it will still work exactly the same, it actually finds everything
between the first instance of !--- and --
I used html comments for testing and forgot to change the -- to ---
..:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
cfloop collection=url item=key
Correction:
cfloop collection=#url# item=key
Dominic
On 23/01/2008, Dominic Watson [EMAIL PROTECTED] wrote:
Is there a way to address all URL scopes or do I have to be specific and
list all URL scopes used on the site?
Yep, the url 'scope' is a
There are other languages?!? ;-)
..:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
-Original Message-
From: Rick Root [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 1:15 PM
To: CF-Talk
Subject: Re: listGetAt comma problem
I wasn't going to respond but
I don't get where you're getting the variables on line ...
cfloop collection=#url# item=variables.itm
Are you cfsetting URL variable and I've never seen the
variables.itm ... what's this?
You just loop over a collection:
!--- Make sure that all attributes scoped variables are decoded and
You may want to talk to someone in the tech recruiting field like Robert
Half (http://www.roberthalftechnology.com/). Average salaries will vary
widely by region.
Also, you could try these:
http://hotjobs.yahoo.com/salary
http://www.cbsalary.com/
On Jan 23, 2008 12:37 PM, Robert Harrison [EMAIL
Thanks fo rthe reply. No the DB fields are UserLogin and UserPwd. I changed
the code based on another members suggestion and this is the error I received:
SOOURCE CODE:
cfparam name=Form.UserLogin type=string
cfparam name=Form.UserPwd type=string
cfquery name=getUsers datasource=#dsn#
If your web traffic is so high that using the cfqueryparam is driving your site
speed down, I would suggest looking into changing your adhoc queries into
stored procedure calls. This will put the work on the database and relieve
some of the pressure from the web servers.
Good luck,
William
On 1/23/08, Brian Kotek [EMAIL PROTECTED] wrote:
Yes this is the real problem. You're referencing the table by the wrong name
in the where clause.
good catch Brian. We're like home inspects.. find one bug and point
it out and we've done our job =)
(*NEVER* fix things like leaky faucets and
I wasn't going to respond but since it came up again... :)
I can't write an array to a text file with Cobol. =) Not easily! But
I can write a chr(1) as a field delimiter.
Build it yourself doesn't always mean you're doing it in CF.
Rick
On 1/23/08, Bobby Hartsfield [EMAIL PROTECTED] wrote:
THANKS EVERYONE. YES, I FOUND THE SINGLE QUOTE BUT IT MADE NOT DIFFERENCE.
NOW I AM GETTING THIS ERROR MESSAGE:
Well it did make a difference then didn't it :p
I can't answer the question about the error but are you absolutely tied to
using access for the database? If you have the option, I
Would passing the CFIF CFTOKEN in the URL an acceptable practice? For
security reasons, I still want to save a variable on the server to prevent URL
hacking.
~|
Adobe® ColdFusion® 8 software 8 is the most important and
Too few parameters. Expected 1
This usually means that one of the column names is erroneous.
Password might also be a reserved word.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to
Well, I can't now because I reinstalled CF 7. I would like to try to figure
out how to install them seperately. Just put a '7' in the CF template for the
install?
Thanks
~|
Adobe® ColdFusion® 8 software 8 is the most
Is there a way to address all URL scopes or do I have to be specific and
list all URL scopes used on the site?
Yep, the url 'scope' is a structure so you can loop over it's keys:
cfloop collection=url item=key
cfif url[key] contains select
/cfloop
Not sure about that SQL checking code.
If your form uses the get method, the variables will be in the 'url'
scope. If the form uses the post method, your variables will be in the
'form' scope.
On Jan 23, 2008 12:30 PM, [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Is there a way to address all URL scopes or do I have
How do I prevent a user from uploading a zero length (empty) file on upload?
Is there a way to know the file size before the file is actually uploaded to
the server?
Any advice, resources or tips are appreciated.
Thanks.
~|
Although I agree with you on spelling, in a digital world where our written
resumes are scanned and our digital ones are 'processed' by computers, I tend
to write ColdFusion with both the space and without, just so that someone
looking for me who 'doesn't' know how to spell the proper name,
this is very logical advice, thanks very much, ill be sure to change our whole
application to use the cfqueryparam tag
thanks again
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the
Okay, thanks a million. I tried your suggestion and got this error code:
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft
Access Driver] Too few parameters. Expected 4.
The error occurred in
On Jan 23, 2008 9:47 AM, Nick Ross [EMAIL PROTECTED] wrote:
ENTERED AN EARLIER POST ON THIS SAME QUERY PROBLEM. ORIGINALLY IT WAS A
SYNTAX PROBLEM. HOWEVER, NOW I AM GETTING THE FOLLOWING ERROR. THIS IS A
SIMPLE LOGIN APPLICATION.
1) no need to shout
2) i already responded to the other
Hey Dear All..
Dont worry I know ColdFusion is ColdFusion and not Cold Fusion :-)
Currently I am in indiana. and yes I know webservces , ajax, oops.
thanks
sandeep
~|
Adobe® ColdFusion® 8 software 8 is the most important and
It is very dependent upon the market in the area you are looking at. A
mid-level developer at 55k in the south (and that's low) should expect
75k-80k for the same type of position in DC (cost of living is that much
different). Still not sure how developers survive in California.
Leastways not
I tried your suggestion. Changed the DB column name and the code and this is
the error I received:
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft
Access Driver] Too few parameters. Expected 2.
The error occurred in
Ok, so now you've got me in troubleshoot mode.
First, does the query run outside of CF? I just noticed the *[ODBC Microsoft
Access Driver]* part; I'm not a db guy, maybe this would change the syntax,
even slightly?
Second, are the DB fields both type 'varchar'? The cfqueryparam being used
marks
Hmm, that's interesting. That's what we're using, and I've never been able
to get a sql injection attack to work on it.
Can someone provide a simple example of how cfquery is vulnerable, so that
we all know what kinds of things to watch out for?
Russ
-Original Message-
From: [EMAIL
On 1/23/08, Nick Ross [EMAIL PROTECTED] wrote:
ENTERED AN EARLIER POST ON THIS SAME QUERY PROBLEM. ORIGINALLY IT WAS A
SYNTAX PROBLEM. HOWEVER, NOW I AM GETTING THE FOLLOWING ERROR. THIS IS A
SIMPLE LOGIN APPLICATION.
Error Executing Database Query. [Macromedia][SequeLink JDBC Driver][ODBC
ENTERED AN EARLIER POST ON THIS SAME QUERY PROBLEM. ORIGINALLY IT WAS A SYNTAX
PROBLEM. HOWEVER, NOW I AM GETTING THE FOLLOWING ERROR. THIS IS A SIMPLE LOGIN
APPLICATION.
Error Executing Database Query. [Macromedia][SequeLink JDBC Driver][ODBC
Socket][Microsoft][ODBC Microsoft Access Driver]
On Jan 23, 2008 9:36 AM, Nick Ross [EMAIL PROTECTED] wrote:
01.22.08 9:44 AM
THANKS EVERYONE. YES, I FOUND THE SINGLE QUOTE BUT IT MADE NOT DIFFERENCE.
NOW I AM GETTING THIS ERROR MESSAGE:
Error Executing Database Query.
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC
It really depends on what you've done with ColdFusion. Have you used
frameworks? Are you familiar with MVC, CFCs, and OOP?
Also, sorry to nitpick but the point must be made. When I was looking at
resumes and they spelled ColdFusion Cold Fusion, they instantly were
pushed to the bottom of the
Here is some additional information about our environment.
We have roughly 1000 datasources per CF Server with each one being set to 1000
max pooled statements. This is why I am really looking at the max pooled as a
real potential issue. I have read posts with recommendations to reduce it to
What kind of DB were you using? I still haven't seen a good example of a
sql query injection in CF since CF auto escapes single quotes.
Russ
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 11:26 AM
To: CF-Talk
Subject: Owned
Really man, thanks for the help. I decided to go real simple and change
everything to test it. Here is what I did.
cfquery name=getUser datasource=#dsn#
SELECT Password, FirstName, userID
FROM Users
WHERE (#form.accessCode# = password)
/cfquery
cfform name=siteAccess
Yes I did and thank you very much. However, it did not work. See my latest
post. I decided to try something real simple and got a different error message:
Element ACCESSCODE is undefined in FORM.
The error occurred in
C:\Inetpub\wwwroot\RickRossiter\NLR\Templates\loginForm.cfm: line 215
213
These guys (Rootdamages) are all over the place.
http://www.google.com/search?q=RootDamagessourceid=navclient-ffie=UTF-
8rlz=1B3GGGL_enUS209US209
Jerry Guido
Programmer
MGT of America, Inc.
[EMAIL PROTECTED]
The information contained in this electronic communication is intended
only for the
I actually have a LOT of experience with this issue. I myself experienced it
with IE6 for 3 months until an un-related Windows update corrected it.
We see a pretty fair amount of logged in users daily coming in with undefined
session variables that we catch. The vars are defaulted
Yes this is the real problem. You're referencing the table by the wrong name
in the where clause.
On Jan 23, 2008 12:42 PM, Dominic Watson [EMAIL PROTECTED]
wrote:
cfquery name=getUser datasource=#dsn#
SELECT *
FROM Users
WHERE (getUser.UserLogin = '#Form.UserLogin#')
doesn't access prefer double quotes?
(getUser.UserLogin = paulw) AND (getUser.Password = 2324986).
On Jan 23, 2008 12:11 PM, Rick Root [EMAIL PROTECTED] wrote:
On 1/23/08, Nick Ross [EMAIL PROTECTED] wrote:
Syntax error (missing operator) in query expression '(getUser.UserLogin =
'paulw')
I like to handle things like that somewhat gracefully
Agreed, I think you should handle as any errors that you can predict in your
code.
However, unexpected errors are nearly always going to happen in large or
even medium apps so it is still good to have a custom error handler that
says like
1 - 100 of 191 matches
Mail list logo
